Page  58 


Open-Source  Myths— the  Bottom  Line  Page  82 


PLUS 


h<  i  m 

12  Critical  Questions  to  Ask  Page  48 


BY  CHRISTOPHER  KOCH 


How  to  Hire 

So  You  Don’t  Have  to  Fire  Page  72 


t 

,  J 


Where  TCO  Analysis 

Can  Steer  You  Wrong  [  Page  44 


MARCH  1,  2004  •  $9.00  CIO.COITI 


Learn  to  love  what  you  ve  been  taught  to  t< 
Act  more  quickly. 

Find  more  value. 

Always  look  for  the  upside. 

See  that  change  is  opportunity’s  nickname 

Solutions  for  the  adaptive  enterprise. 


mjB 

Solutions  for  the  adaptive  enterprise. 


n  v  e  n  t 


©2004  Hewlett-Packard  Development  Company,  L.R 


ROADMAP 


your  guide  to  the 

VjNNVIRED  ENTERPR/S£ 


02004,  Sybase,  Inc.  Sybase  and  the  Sybase  logo  are  registered  trademarks  of  Sybase.  Inc.  XPLANATIONS™  by  Xplane.com  '-.  All  other  company  and  product  names  mentioned  may  be  trademarks  of  the  respective  companies  with  which  they  are  associated. 


*2  FIELD  FORCE  AUTOMATION 


^NUMBER 


PROVIDER 


Data  Ready  To  Go 

Sybase  Data  Management  solutions 
deliver  the  data  agility  that  makes 
field  force  automation  possible.  Real 
results.  Real  ROI.  Real  fast. 


•  > 

Source:  IDC.  Worldwide  Mobile  Middleware  Competitive  Analysis.  2003: 
Forecast  tor  2003-2007,  IOC  #29580.  Jul  2003. 


Extend  Your  Reach 


Sybase  M-Business  Anywhere™  lets 
you  mobilize  the  apps  you  already 
have  so  you  can  reap  more  value  from 
your  current  technology  investments. 


Discover  how  Britannia  Airways 

saved  over  one  million  dollars 
and  improved  staff  management 
processes  with  Sybase,  the 
world’s  number  one  provider 
of  mobile  middleware?1 


Security  Everywhere 

For  real-time  transactions,  nothing 
is  better  or  more  secure  than  Sybase 
SQL  Anywheref  the  world's  leading 
mobile  data  management  and 
synchronization  solution. 


rise 


Mr.  5,000  Desktops 
Updated  with  the 
Latest  Engineering 
App  in  10  Minutes 


Microsoft 


Your  potential.  Our  passion. 


©  2004  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  BizTalk,  SharePoint,  SQL  Server,  Windows,  the  Windows  logo,  Windows  Server,  WindMKSttKH^^^^Bfour  potential.  Our  passion."  are  either  roistered  trademarks 
or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  MOTOROLA  and  the  Stylized  M  Logo  are  registered  in  the  UniteftJtStes  l*at^pBH»irk  Office.  Motorola  logo  ©  Motorola,  Inc.  2004. 


"We  performed  over  807,000  successful  software 
deployments  to  65,000  desktops  in  2002  alone  and 
saved  over  247,000  administration  hours." 

Steven  Bramson 

Senior  Systems  Architect,  Motorola 


Make  a  name  for  yourself  with  Windows  Server  System. 

Microsoft  Windows  Server  System  makes 
Motorola's  infrastructure  easier  to  manage.  Here's 
how:  using  Microsoft  Systems  Management  Server 
and  SQL  Server,  powered  by  Windows  Server, 
Motorola  conducts  system  inventory  of  their  65,000 
desktops  from  one  location,  identifies  necessary 
system  updates,  then  deploys  those  applications 
across  the  enterprise  automatically,  it's  software 
that  helps  you  do  more  with  less.  Get  the  full 
Motorola  story  and  a  hands-on  management  tool 
at  microsoft.com/wssystem 


Windows  Server  System™  includes  these  products: 


Microsoft® 

Windows 
Server  System 


Server  OS 

Windows  Server™ 

Operations  Infrastructure 

Systems  Management  Server 

Application  Center 

Operations  Manager 

Internet  Security  &  Acceleration  Server 

Windows®  Storage  Server 

Application  Infrastructure 

SQL  Server'" 

BizTalk®  Server™ 

Commerce  Server 

Content  Management  Server 

Host  Integration  Server 

Information  Work  Infrastructure 

Exchange  Server 

Office  SharePoint™  Portal  Server 

Office  Live  Communications  Server 

LEVEL 


VOL.  17  •  NO.  10  •  MARCH  1.  2004 


COVER  STORY 


SOFTWARE  QUALITY  I  48 


BURSTING  THE 


U.S.  CIOs  want  to  do  business  with  offshore  companies  with  high  CMM  ratings.  But  some  outsourcers 
exaggerate  and  even  lie  about  their  Capability  Maturity  Model  scores.  By  Christopher  Koch 


Features 


CUSTOMER  SERVICE 

AARP  Is  Talking  ’Bout  That  Generation  I  58 

During  the  next  10  years,  two-thirds  of  the  76  million  baby 
boomers  will  be  easing  into  middle  age  and  preparing  for  retire¬ 
ment.  AARP  is  getting  ready.  By  Elana  Varon 


‘‘Whether  it's  76  million  baby 
boomers  coming  or  35  million 
existing  members,  we  serve 
a  large  audience,"  says  AARP 
CIO  John  Sullivan.  He  has 
grand  IT  visions  for  the  future, 
including  a  Web  services 
rollout  and  unlimited  online 
transactions  for  members. 


Q&A  WITH  MAURICE  SCHWEITZER  I 
BUSINESS  DECISIONS 
Bias  Beware  I  66 

It’s  commonly  believed  that  the  more  time  we  devote  to  a 
project,  the  better  the  results.  Not  so.  Wharton  professor 
Maurice  Schweitzer  tells  Senior  Writer  Stephanie  Overby 
how  CIOs  can  correct  “input  bias”  and  stop  confusing 
quantity  with  quality. 

STAFFING 

How  to  Hire  So  You  Don’t  Have  to  Fire  I  72 

Hiring  the  right  people  for  your  IT  organization  is  not 
an  easy  job,  nor  an  exact  science.  We’ll  show  you  how 
to  identify  the  candidates  with  the  right  attitude. 

By  Meridith  Levinson 

MORE  ►  ►► 


CIO  MARCH  1,  2004  •  www. cio.com 


6 


COVER  PHOTO  ILLUSTRATION  BY  PETE  MCARTHUR 


The  right  software  can  help  today's  CIO 
become  tomorrow's  corporate  leader. 

It’s  amazing  what  the  right  software  can  do  in  the  right  hands.  Just  ask  the 
CIOs  taking  advantage  of  our  management  software  for  utility  computing. 
They've  transformed  previously  complex  disparate  infrastructures  into 
integrated  springboards  for  business  success.  And  they've  capitalized  on 
tomorrow's  trends  while  heading  off  today's  problems,  all  while  maximizing 
their  existing  resources.  To  learn  how  management  software  can  benefit 
your  business,  not  to  mention  your  career,  go  to  ca.com/management3. 

©  2003  Computer  Associates  International,  Inc.  (CA).  All  rights  reserved. 


Computer  Associates® 


Features  continued 


OPEN  SOURCE 

The  Myths  of  Open  Source  I  82 

It  isn’t  all  about  cheap:  Companies  keep 
finding  good  reasons  to  take  advantage 
of  open-source  software. 

By  Malcolm  Wheatley 

Columns 

FROM  THE  PUBLISHER 
The  Return  of  Innovation  !  14 

Make  no  mistake:  Despite  the  past 
three  years  of  economic  doldrums, 
innovation  is  alive  and  well. 

By  Gary  Beach 

REALITY  BYTES 
Wall  of  No  Sound  I  40 

The  recording  industry  is  trying 
to  stop  people  from  listening  to, 
talking  about  and  sharing  music. 

Yeah.  That  makes  a  lot  of  sense. 

By  Julie  Hanson 

REAL  VALUE 

Avoiding  the  TCO  Trap  I  44 

Using  the  total  cost  of  ownership 
metric  is  a  good  way  to  measure 
costs  but  a  bad  way  to  analyze  the 
full  business  value  of  IT  investments. 

By  Jack  Keen 


HOT  SEAT  I  91 

Your  Guide 
to  Managing 

Chief  Beggar,  Fortune-Teller 
and  Juggler 

How  to  balance  all  your  roles  without 
dropping  the  ball.  By  Michael  Fitzgerald 

Management  Reports  I  94 

Corporate  Culture  Carries  On:  Why 
organizations  resist  change. 

Leadership  Agenda  !  96 

Oh,  the  Perils  of  the  OCIO:  The  right  way 
to  deploy  an  Office  of  the  CIO  structure. 
By  Susan  H.  Gramm 


CIOs  are  much  more  than  just  technologists  and 
managers,  says  Catherine  Brune,  CTO  of  Allstate 
Insurance.  Don't  forget  incubators,  referees, 
fortune-tellers  and  psychologists. 


Sections 

TRENDLINES  I  26 

Tracking  mad  cows  with  IT;  Blogs:  News 

you  can  use;  How  GM  cuts  IT  operating 

costs;  Fixes  for  underperforming  staff. 

And  more 

OFF  THE  SHELF  I  30 

Growing  Your  Company's  Leaders 

and  Tony  Soprano  on  Management. 

CIO  Best-Sellers. 

ON  THE  MOVE  I  34 

CIOs  on  the  go — see  where  your 

peers  are  working  now. 

PROFILE:  Jim  Brownell  returns  to 
CIO  role  after  vendor  stint. 


In  Every  Issue 

INBOX  I  18 

Reader  feedback 

INDEX  I  102 

EXECUTIVE  SUMMARY  I  104 

Abstracts  of  all  the  feature  stories  found 
in  this  issue. 


“The  problem  is  that  TCO  has  become  so  popular  that 
its  cost-oriented  analysis  is  becoming  a  substitute  for 
the  more  relevant  full  value  analysis.” 

-Jack  Keen,  Real  Value  columnist,  on  total  cost  of  ownership  Page  44 


8 


CIO  MARCH  1,  2004  •  www.cio.com 


The  ultra-small,  full-featured  notebook  you  don’t  have  to  make  room  for. 

More  lap  and  tray  table  room.  A  wide-screen  display  with  Dolby  stereo.  Enough  battery  life  for  a  full-length  double  feature. 
With  its  ultra-small  size  and  ultra-big  multimedia  capabilities,  the  award-winning  Fujitsu  LifeBook®  P5000  notebook  will  make 

any  trip  feel  like  an  upgrade.  A  “micro”  revolution  in  mobile  computing,  the  LifeBook  P5000 
notebook  features  Intel®  Centrino™  mobile  technology,  a  modular  bay,  and  extended  battery  life  in 
an  8"  x  1 0“  chassis  you  have  to  see  to  believe.  Watch  DVDs,  burn  CDs,  or  drive  powerful  mobile 
applications — without  having  to  lug  around  an  extra  carry  on.  To  see  what  your  new  travel 
companion  can  really  do,  call  1.877.372.3473  orvisitwww.computers.us.fujitsu.com/firstclass, 

MOBILE 
TECHNOLOGY 


FUJITSU 

THE  POSSIBILITIES  ARE  INFINITE 


©2003  Fujitsu  Computer  Systems  Corporation.  All  rights  reserved.  Fujitsu,  the  Fujitsu  logo  and  LifeBook  are  registered  trademarks  of  Fujitsu  Limited.  Intel,  Intel  Centrino.  and  the  Intel  Centrino  logo  are 
trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation 


nexhra 


•is 


It  ain’t  braggin’  if  you  can  do  it. 


Finally,  a  company  that  talks  big  and  works  bigger.  A  company  that  talks 
ROI  and  actually  delivers.  A  company  that  provides  real  business  value  you 
can  measure.  A  network  solutions  and  services  provider  called  NextiraOne. 

At  NextiraOne,  we  bring  clarity  to  your  complex  communications  networks. 
Planning,  designing,  implementing,  supporting  and  managing.  For  voice, 
data  and  converged  infrastructures.  In  the  United  States  or  around  the  world. 
You  name  it,  we  do  it  -  with  world-class  results. 


www.NextlraOne.com  (888)  888-1055 


INTERACTIVE 

>features 

Interactive  features  from  March  1  to  March  14 

ASK  THE  SOURCE 

How  Can  You  Please 
Two  Audiences  at  Once? 


John  Sullivan,  CIO  of  AARP,  knows  a  thing 
or  two  about  the  76  million  baby  boomers  who 
will  begin  their  retirements  during  the  next 
decade:  They  don’t  like  to  wait,  and  they're  very  wired.  He  also  knows  that 
he  has  to  keep  up  his  call  centers  and  other  more  “analog”  customer-facing 
interfaces  for  his  35  million  existing  members.  And  for  all  AARP  members, 
Sullivan  has  to  determine  the  balance  between  sharing  information  with  his 
business  partners  and  safeguarding  members’  privacy.  How  does  he  do  it? 
Read  AARP  Is  Talking  'Bout  That  Generation  (Page  58),  and  then  shoot 
your  own  questions  to  Sullivan  when  you  ASK  THE  SOURCE.  He  is  avail¬ 
able  to  give  you  answers  through  March  14.  Go  to  www.cio.com/experts. 


Our  Daily  Web 

MONDAY  Tech  Tact 

Technology  Editor  Christopher 
Lindquist  covers  what’s  coming. 

TUESDAY  Quick  Poll 

Vote  with  your  mouse,  and  see 
how  other  IT  leaders  feel  about 
current  events. 

WEDNESDAY  Metrics 

Web  Writer  Jon  Surmacz  makes 
sense  of  the  numbers. 

THURSDAY  Sound  Off 

Web  Editorial  Director  Art  Jahnke 
opines  on  managerial,  political 
and  ethical  dilemmas. 

FRIDAY  The  Big  Picture 

Charts  and  graphs  that  are  worth 


a  thousand  words. 


ADD  A  COMMENT 

Explode  a  Myth 

In  The  Myths  of  Open  Source 

(Page  82),  we  explode  six 
myths  about  open  source— 
and  why  it  might  be  time  to 
take  another  look  at  it  for  your 
company.  Got  a  few  myths  of 
your  own  about  open  source? 
Explode  them  in  ADD  A 
COMMENT  attheendofthe 
online  version  of  this  article. 


T 

A 


LEARN  MORE 

Weed  Through  the  Job  Candidates 


Finding  the  right  people  for  the  right  job  isn’t 
easy  (see  How  to  Hire  So  You  Don’t  Have  to 
Fire,  Page  72).  One  way  is  ask  brain-crunch¬ 
ing  teasers,  riddles  and  logic  puzzles  that  will 
demonstrate  enthusiasm  for  taking  on  new 
challenges,  and  a  certain  amount  of  creative 


audacity.  Author  John  Kador  shares  some 
samples  (with  correct  answers)  in  “Close 
Encounters  with  the  Brainteaser  Job 
Interview,”  which  originally  ran  on  our 
sister  site,  www.darwinmag.com.  Find 
the  link  at  www.cio.com/printlinks. 


every  WEEKDAY  The  News 

We  synthesize  the  top  IT  news 
stories  of  the  day. 


Online  Exclusives 


Find  That  Link 

Memorizing  URLs  is  a  hassle— 
and  in  some  cases  downright 
painful.  To  make  your  print-to- 
online  jump  easier,  we  collect 
all  of  the  articles  and  resources 
mentioned  in  each  issue  and 
put  them  on  one  handy  web¬ 
page,  www.cio.com/printlinks. 
Select  the  issue  date  from  the 
drop-down  box  at  the  top  of 
the  page,  and  then  scroll  down 
to  the  link  you  want. 


12  CIO  MARCH  1.  2004 


www.cio.com 


PHOTO  LEFT  BY  STEVEN  VOTE;  ILLUSTRATION  BY  MICHELLE  CHANG 


Dell  Handles  125,000 
Transactions  Per  Hour 


With  Oracle 


Dell  counts  on  Oracle  on  Linux  to  handle 
customer  orders  every  day. 

What  do  you  run? 


oracle.com/success/dell 
or  call  1.800.633.0753 


Copyright  ©  2003,  Oracle  Corporation.  All  rights  reserved.  Oracle  is  a  registered  trademark  of  Oracle  Corporation  and  or  its  affiliates.  Other  names  may  be  trademarks  of  their  respective  owners. 


From  the  Publisher 

gbeach@cio.com 


The  Return  of 
Innovation 

INVENTION  IS  MOST  OFTEN  THOUGHT  OF  as  the  “creation  of  a  new 
idea  or  concept.”  Innovation,  meanwhile,  commercializes  the 
invention  for  widespread  use.  The  United  States  has  often  led 
the  world  in  high-tech  invention,  but  it  is  our  innovation  that 
has  given  our  economy  its  competitive  edge.  The  economic  dol¬ 
drums  of  the  past  three  years  have  dampened  innovation,  to  be 
sure.  But  make  no  mistake:  IT  innovation  is  alive  and  well. 

John  Gantz,  chief  research  officer  at  IDC,  and  a  colleague  of 
mine  at  IDG,  our  parent  company,  is  fond  of  claiming  that  the 
tech  invention  and  innovation  cycle  goes  in  15  year  waves. 
Inventors  at  Apple  and  elsewhere  created  versions  of  the  PC  in 
the  mid-1970s,  and  in  1980,  the  popular  era  of  the  PC  dawned. 
Fifteen  years  of  innovation  incorporating  local  area  networks, 
the  Windows  operating  system  and  client/server  computing  into 
corporations  followed.  With  these  innovations  came  increasing 
worker  productivity  that  enhanced  U.S.  competitiveness. 

The  most  recent  big  bang  of  innovation  began  around  1995, 
when  Marc  Andreessen  took  the  Web  browser  he  invented  and 
started  Netscape,  ushering  in  the  Internet  innovation  era.  Cor¬ 


porations  and  CIOs  embraced  the  Internet  to  build  out 
grandiose  intranets  with  plans  to  extend  them  to  trading  part¬ 
ners  via  the  Web.  Then  the  bubble  burst,  and  the  Internet  inno¬ 
vation  era  appeared  to  fizzle.  But  there’s  little  doubt  that  the 
Web  conferred  an  advantage  in  the  marketplace  for  companies 
that  innovated  successfully. 

Now  there’s  evidence  that  Internet-based  innovation  is  ramp¬ 
ing  up  again.  In  the  monthly  CIO  Magazine  Tech  Poll  last 
October,  CIOs  reported  that  23.8  percent  of  all  their  purchases 
would  be  made  online  in  the  coming  year,  which  was  a  three- 
year  high.  The  poll  also  found  that  nearly  half  of  all  corpora¬ 
tions  have  a  significant  application  backlog.  There’s  plenty  of 
work  to  be  done,  and  it  isn’t  on  maintenance  or  incremental 
upgrades  to  existing  systems. 

When  I  recently  asked  a  CIO  of  a  Fortune  1000  corporation 
about  the  most  innovative  project  he  has  planned  for  the  com¬ 
ing  year,  he  turned  to  the  strategic  plan  he  wrote  in  2000. 

IT  innovation  may  have  taken  a  three-year  breather,  but 
CIOs  have  plenty  of  unfinished  business.  Tech  innovation  will 
thrive  once  again  as  CIOs  go  back  on  the  offensive,  pursuing 
more  and  better  ways  to  drive  revenue. 

Are  you  launching  your  next  cycle  of  innovation?  Which 
emerging  technology  will  change  how  you  do  business?  Send 
me  your  comments  at  gbeach@cio.com. 


1  4 


CIO 


MARCH  1 


2004 


www.cio.com 


PHOTO  BY  WEBB  CHAPPELL 


Sun  Microsystems  has  countless  printers, 
but  only  one  output  management  services  provider.  Xerox. 
By  trusting  our  expertise  they’re  free  to  focus  on  theirs. 

There’s  a  new  way  to  look  at  it. 


Learn  more:  www.xerox.com/learn  For  a  sales  rep:  1-800-ASK-XEROX  ext.  LEARN 

©  2002  XEROX  CORPORATION.  All  rights  reserved.  XEROX? The  Document  Company®  and  There's  a  new  way  to  look  at  it  are  trademarks  of  XEROX  CORPORATION. 

Sun  Microsystems  is  a  registered  trademark  of  Sun  Microsystems,  Inc.  Used  with  permission. 


the  Document  Company 

XEROX 


Great  Moments  at  Work. 

4:42  pm  You're  not  stopped  in  the  hall  and 
asked  to  pull  yet  another  up-to-the-second 
project  report. 


o  2004  Microsoft  Corporation.  All  rights  reserved  Microsoft,  Frontpage, 
InfoPath,  tire  Office  logo.  OneNote,  Outlook,  PowerPoint,  PI larePoint, 
Windows,  Windows  Server,  Visio,  and  "Your  potential  Dm  p  ission."  are 
either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in 

the  Unit'  d  states  and/or  other  countries. 


mm 


Introducing  the  new  Microsoft  Office  System. 

Now  users  can  do  more  for  themselves  so  you  can  focus  on 
the  important  things.  More  than  just  the  core  suite  you're 
familiar  with,  the  new  Microsoft®  Office  System  is  an  integrated 
system  of  easy-to-use,  expanded  programs,  servers,  services, 
and  solutions  that  help  end  users  be  more  self-sufficient. 
With  the  Microsoft  Office  Enterprise  Project  Management 
Solution  (including  Microsoft  Office  Project  Server  2003, 
Microsoft  Office  Project  Professional  2003,  and  Microsoft 
Office  Project  Web  Access),  users  can  have  access  and 
visibility  into  all  of  their  projects,  including  current  status, 
integrated  costs  from  business  systems,  risks,  and  all  project 
documents — all  on  their  own.  Which  might  just  be  the  most 
valuable  part  of  it  all.  To  find  out  how  the  Microsoft  Office 
System  can  work  for  you,  go  to  microsoft.com/officelT 


Microsoft 
Office  System 

More  than  what  it  used  to  be,  it's  now  a 
comprehensive,  customizable  system. 

Programs 

Servers 

Services 

Access  2003 

PowerPoint®  2003 

Project  Server  2003 

Live  Meeting 

Excel  2003 
FrontPage®  2003 
InfoPath™  2003 
OneNote™  2003 

Outlook®  2003 

Project  2003 
Publisher  2003 

Visio®  2003 

Word  2003 

Live  Communications 
Server  2003 

Exchange 

Server  2003 

SharePoint™  Portal 
Server  2003 

Office  Online 

Solutions 

Solution  Accelerators 

Enabling  Technologies: 

Windows  Server™  2003,  Windows®  SharePoint  Services, 
Rights  Management  Services 


Office 


InBox 


Reader  Feedback 


A  CALL  FOR  EFFECTIVE  LEADERSHIP 

In  the  Nov.  1, 2003,  editor’s  letter  [“Performance  Arts”],  Editor  in  Chief  Abbie 
Lundberg  asks  if  readers  “agree  that  effective  performance  management  is  a 
key  to  your  success.”  My  answer  is  no.  To  me,  performance  management  is 
counterintuitive  to  effective  leadership. 

The  term  management  seems  best  reserved  for  such  things  as  processes, 
projects,  budgets  or  time— certainly  not  people.  People  respond  more  positively  to 
effective  leadership  than  to  effective  management.  When  there  is  effective  leadership,  there 
should  be  little  or  no  need  for  performance  management.  While  I  acknowledge  that  sometimes 
it  may  be  required  to  separate  someone  under  less  than  ideal  circumstances,  I  do  believe  much 
can  be  done  to  mitigate  having  to  “Find,  Fix  or  Fire  Your  Poor  Performers”  (Nov.  1, 2003).  The 
first  step  is  to  go  above  and  beyond  in  making  a  good  hiring  decision. 


Here  are  the  four  key  questions,  in 
order  of  importance,  that  I  consider 
when  hiring  a  new  team  member. 

■  Are  the  individual’s  character  and  val¬ 
ues  aligned  with  my  company’s  values? 

■  Will  he  fit  the  culture? 

■  Will  he  integrate  with  my  team? 

■  What  skill  sets  does  he  possess? 

Generally  speaking,  when  an  individ¬ 
ual  fails,  he  has  done  so  because  his  lead¬ 
ership  has  failed.  Leadership  should  not 
be  taken  lightly  and  not  be  confused 
with  the  task  of  management.  Leader¬ 
ship  of  people  is  a  privilege  and  should 
be  treated  as  such.  Those  you  lead  have 
trusted  you  and  have  an  expectation  that 
you  will  lead  by  example.  Effective 
leadership  is  a  key  to  my  success. 

Martin  T.  Crean 
Regional  Technology  Coordinator 
Virchow  Krause 
mcrean@virchowk  rause.  com 

NO  ROOM  FOR  BELL  CURVES 

My  initial  reaction  to  “How  to  Find,  Fix 
or  Fire  Your  Poor  Performers”  was  neg¬ 
ative.  I  detest  comments  like,  “Life  is  a 
bell  curve.  Get  used  to  it.”  Perhaps  to  a 
statistician  or  a  sociologist,  life  is  a  bell 
curve,  but  that  cannot  be  the  attitude  of 


management.  I  categorically  reject  the 
idea  that  10  percent  or  20  percent  of  the 
people  in  any  organization  are  coming 
to  work  to  fail.  And  when  I  “fix”  or 
“fire”  them,  will  another  10  percent  or 
20  percent  take  their  place?  That  is  the 
essence  of  the  bell  curve  attitude — a  con¬ 
stant  battle  waged  by  management  to 
“cull  out”  the  lowest  20  percent.  Who 
wants  to  work  in  such  an  environment? 

I  have  been  in  middle  management 
for  more  than  15  years,  and  have  almost 
30  years  of  IT  experience.  I  have  man¬ 
aged  organizations  of  up  to  300  techni¬ 
cal  staffers.  My  budget  responsibilities 
have  exceeded  $30  million  annually  in 
capital  expenditures  and  $10  million  to 
$15  million  annually  in  operating  costs. 

Middle  management  likes  to  joke 
about  how  thin  the  air  gets  at  the  top  as 
a  way  to  explain  the  irrational  ideas  we 
sometimes  receive  from  on  high.  I  do  not 
mean  to  denigrate  any  executive  with  this 
playful  talk.  But  there  is  a  reality  to  the 
point  that  after  spending  some  time  at 
the  top,  many  executives  seem  to  lose 
connection  with  the  trials  and  tribula¬ 
tions  of  the  rank  and  file.  I’m  sure  most 
CIOs  will  deny  it,  perhaps  sincerely.  They 
want  to  believe  they  have  their  fingers  on 


the  pulse  of  the  company.  The  truth  is, 
that  is  rarely  possible.  The  higher  you  go, 
the  more  issues,  comments,  complaints 
and  even  good  ideas  are  filtered  through 
a  steady  progression  of  (hopefully)  well- 
meaning  intermediaries. 

James  Bennett,  Senior  IT  Manager 
jkbS454@hotmail.com 

Forced  ranking,  in  my  opinion,  is  not  an 
effective  management  tool.  A  bell  curve 
is  a  mathematical  description  of  ran¬ 
dom  numbers,  not  people,  and  a  man¬ 
ager  who  tries  to  make  human  beings  fit 
one  is  someone  I  would  strongly  avoid. 

Please  give  readers  articles  that  focus 
on  how  to  get  people  trained  to  increase 
morale  and  productivity  rather  than  cre¬ 
ating  a  cutthroat  culture  that  counters 
productivity.  Good  managers  treat  em¬ 
ployees  like  assets  who  can  be  improved 
upon  instead  of  costs  to  control. 

John  Cook,  Network  Administrator 
Benchmark  Electronics 
john.cook@bench.com 

HOW  TO  GROOM  FUTURE  CIOS 

The  shrinking  role  that  CIOs  are  playing 
in  today’s  business  environment  is  an 
ongoing  and  expanding  problem  (“The 
Incredible  Shrinking  CIO,”  Oct.  15, 
2003).  As  I  ruminated  on  the  whys  and 


18 


CIO  MARCH  1,  2004  •  www.cio.com 


You  WERE  THERE  FOR  THE  BOOM. 

You’ve  made  it  through  the  bust. 

Now  IT’S  TIME  TO  HIRE. 

Someone  who  knows  IT  inside  and  out. 


v  wp. 

A 

MB8B  mKk 

Sd  why  are  your  palms  sweating? 


Your  IT  budget  has  been  approved.  It's  time  to  hire  -  but  where  do  you  turn  to  find  the 
right  fit?  At  Robert  Half  Technology,  we  really  understand  IT.  Our  unsurpassed  knowledge 
of  the  technology  marketplace  allows  us  access  to  the  very  best  and  brightest  in  the 
industry.  And  we'll  meet  your  requirements  quickly  and  cost-effectively.  So  whether 
you're  looking  for  someone  to  help  manage  your  Q  &  A  in  application  rollouts,  upgrade  your 
operating  system,  or  even  secure  systems  that  prevent  viruses  -  relax.  Talk  to  us  today. 
You'll  get  the  right  person  for  the  job.  Guaranteed* 


oh 

no 

o 

o 

o 

o 

RH 

ROBERT  HALF 

TECHNOLOGY’ 


Information  Technology  Professionals 


WE  GET  IT.  WE  SPEAK  IT.  WE  KNOW  IT. 
800.793.5533  .  roberthalftechnology.com 


A  Robert  Half  International  Company 


For  more  details  on  our  guarantee,  contact  us  today!  ©Robert  Half  Technology.  E0E 


Join  your  peers,  winners  of  this  year’s  CIO  100  award. 


eadershin 


innovation 


August  22-24, 2004 
Hotel  del  Coronado 
Coronado,  CA 


Sponsored  by 


(£> 


V'-  FUJITSU 

cigital 


Q. 

net  ID  O  SupportSoft 


Work  Smarter. 


This  year's  CIO  100 
Awards  Ceremony  is 
proudly  underwritten  by 

PeopleSoft, 


Presented  by 


The  Resource  for 
Information  Executives 


SYMPOSIUM  & 

AWARDS 

CEREMONY 


Join  ts. 

Calf  800.355,0246 
www.cio.  com /conferences 


'  <\  h*  H  » 


mmmm 


InBox 


wherefores  of  what  has  led  to  this  dis¬ 
turbing  reality,  I  read  the  Dec.  1,  2003, 
Real  Value  column  by  Jack  Keen  on  mak¬ 
ing  the  business  case  to  justify  IT  invest¬ 
ment  (“Make  It  Clear”).  Both  articles 
focus  on  the  disconnect  between  the 
world  of  IT  and  the  world  of  business. 

The  past  15  years  have  seen  different 
approaches  used  to  gain  control  of  the 
integration  of  IT  into  business.  One 
approach  is  to  place  non-IT  managers  in 
charge  of  IT  operations.  It  takes  a  gifted 
manager  to  run  an  operation  he  doesn’t 
understand.  Another  strategy  is  to  educate 
the  people  of  science  to  become  business- 
people.  Again,  results  vary,  largely  because 
being  a  businessperson  is  as  much  attitude 
and  aptitude  as  it  is  acquiring  knowledge. 

The  IT  industry  doesn’t  have  enough 
leaders  prepared  to  function  effectively 
in  the  complex  and  diverse  role  that 
businesses  demand  of  them.  Fortunately, 


though,  the  solution  is  already  in  place. 

The  strategy  is  a  reverse  variation  of 
the  science-person-to-businessperson 
approach.  In  that  approach,  an  attempt 
is  made  to  transform  individuals  with 
formal  education  in  computer  engineer¬ 
ing  or  computer  science  into  managers 
of  the  application  of  their  science. 

A  reverse  variation  is  to  provide  indi¬ 
viduals  with  a  business  aptitude  with  a 
formal  education  in  a  combination  of 
business  administration,  the  technology  of 
information  processing,  and  the  process 
of  IS  development  and  management.  This 
approach  focuses  on  the  application  of  IT 


What  Do  You  Think? 


Send  your  thoughts  and  feedback  to 
letters@cio.com.  Letters  may  be  edited  for 
length  or  clarity.  For  a  link  to  the  articles 
mentioned,  go  to  www.cio.com/printlinks. 

cio.com 


in  a  business  environment,  as  opposed  to 
the  science  of  computing  itself.  To  be 
more  specific,  the  skill  set  is  developed 
when  individuals  are  provided  with  an 
education  in  business  systems,  such  as 
accounting,  finance,  production,  market¬ 
ing.  It  is  enhanced  when  they  are  schooled 
in  the  techniques  of  technology  such  that 
they  acquire  practical  skills  in  program¬ 
ming,  networking  and  databases.  It  is 
completed  when  they  learn  to  apply 
industry-recognized  methodologies  for 
system  development  and  management. 

Many  of  our  future  CIOs  will  come 
from  programs  that  follow  this  model. 
Given  time,  these  individuals  will  gain 
the  experience  needed  to  work  effec¬ 
tively  at  the  strategic  level  of  organiza¬ 
tions  where  they  are  needed. 

Jimmie  Carraway,  Senior  Lecturer 
Old  Dominion  University 
jcarrawa@cox.net 


ire  advisors  providing  bottom-line  impact  on  all  engagements  for  negotiating,  contracting 
and  managing  telecommunications  services.  We  are  an  executive  team  staying  engaged 
throughout  the  entire  process.  We  are  a  resource  of  knowledge  with  experience  across  a  broad 
range  of  carriers.  We  are  analysis  experts,  creating  leading-edge  pricing  and  contract  terms.  We 
are  a  partner  with  leverage,  market  intelligence  and  industry  aptitude,  setting  terms  and 
returning  a  hard  ROI  for  clients  every  day.  We  are  your  TAG  team. 

-  3  '*■ 


Thompson 

Advisory  Group 


The  Resource  for  Information  Executives 


President  and  CEO  Walter  Manninen 
Publisher  Gary  J.  Beach 

Editorial  Director  Lew  McCreary 

EDITORIAL 

Editor  in  Chief  Abbie  Lundberg 
Editor  Richard  Pastore 

Managing  Editor  David  Rosenbaum 
Managing  Editor,  Production  Cheryl  R.  Asselin 

Executive  Editors  Alison  Bass,  Michael  Goldberg, 
Christopher  Koch 

Leadership  and  Management  Editor  Edward  Prewitt, 
Opinion  and  Knowledge  Management  Editor  Megan 
Santosus,  Research  Editor  Lorraine  Cosgrove  Ware, 
Special  Projects  Editor  Mindy  Blodgett,  Technology 
Editor  Christopher  Lindquist 

Senior  Editors  Scott  Berinato,  Todd  Datz, 

Alice  Dragoon,  Elana  Varon 

Features  Editor  Late  Low 

Senior  Writers  Meridith  Levinson,  Stephanie  Overby, 
Ben  Worthen 

Copy  Chief  Tom  Wailgum 

Asst.  Managing  Editor,  Production  Kathleen  S.  Carr 

Senior  Copy  Editor  Emily  S.  Henderson 

Copy  Editor  Sarah  Johnson 

Special  Projects  Manager  Lynne  Z.  Rigolini 

Editorial  Resource  Manager  Carol  Zarrow 

Editorial  Assistant  Daniel  J.  Horgan 

Editorial  Operations  Specialist  Julie  Hanson 

Contributors  Stacy  Cowley,  Susan  H.  Cramm, 
Michael  Fitzgerald,  Jack  Keen,  Matt  Villano, 

Malcolm  Wheatley 


How  to  Reach  Us 

E-mail  letters@cio.com 
Phone  508  872-0080 
Fax  508  879-7784 

Address  CIO  Magazine,  CXO  Media  Inc., 

492  Old  Connecticut  Path,  P.O.  Box  9208, 

Framingham,  MA  01701-9208 

Website  www.cio.com 

Topic  Experts  www.cio.com/online_beats2.html 

Subscriber  Services  866  354-1125,  Fax  847  564-9453, 
E-mail  cio@omeda.com 

Reprint  Services  Jackie  Day  •  651  582-3856, 

E-mail  cioreprints@rsicopyright.com  (500  quantity  or  more) 

Rights  and  Permission  Andrew  Burrell  •  508  935-4785, 
E-mail  aburrell@cio.com 


DESIGN 

Executive  Director,  Art  and  Design  Mary  Lester 
Art  Director  Terri  Haas 

Associate  Art  Directors  Owen  Edwards,  George  Lee 

Senior  Designer  Kaajal  S.  Asher 

Design  Operations  Specialist  Rachel  Barnett 

Design  Contributors  Alberto  Capolino,  Leslie  Feagley, 
Andrea  Healy 

ONLINE  EDITORIAL 

Web  Editorial  Director  Art  Jahnke 
Consulting  Editor  Janice  Brand 
Web  Editor  Sandy  Kendall 
Web  Writer  Jon  Surmacz 

ONLINE  &  INFORMATION  SYSTEMS 

Chief  Information  Officer  Mark  Hall 

Online 

Senior  VP/General  Manager,  Online  Tim  Horgan 
Online  Technology  Director  Dagmar  Eiben 
Senior  Web  Developers  Diane  Chen,  Ellen  Morey 
Director  of  Online  Research  Kathleen  Kotwica 
E-Commerce  Manager  Andrew  Burrell 
Online  Producer  Shannon  Macdonald 
Online  Content  Researcher  Tara  Gillet-Liloia 
Designer  Graham  White 

Information  Systems 

Infrastructure  Manager  James  C.  Burgoyne 

User  Services  Manager  Ron  Bettencourt 

Senior  User  Services  Specialists  Jonathan  Frappier, 
Michael  Fahlsing 

System  Administrator  Robert  Reagan 

CIRCULATION 

Senior  VP/Circulation  Carol  A.  Spach 
Circulation  Director  Faith  Marcello 
Subscription  Svcs.  Supervisor  Tina  Pescara 

PRODUCTION 

VP/Manufacturing  Chris  Cuoco 
Production  Manager  Lee  Tuttle 
Senior  Production  Coordinator  Lisa  Stevenson 

EXECUTIVE  PROGRAMS 

EP  Senior  Vice  President  Jennifer  Richards 
Conference  Management  Vice  President  Cynthia  Mollus 
Marketing  Services  Director  Shellie  Rapson  James 
Business  Development  VP  John  Amato 
Business  Development  Director  John  Volupus 
Program  Operations  Manager  Brian  Fuce 
Marketing  Manager  Glede  Kabongo 


Marketing  Design  Specialist  Andrea  Slobogan 
Event  Development  Specialist  Sandra  J.  Hughey 
Senior  Logistics  Coordinator  Michael  Barbato 
Event  Planning  Director  Amy  Turell 
Senior  Customer  Services  Coordinator  Sarah  Yee 


CIO  EXECUTIVE  COUNCIL 

General  Manager  Mark  Hall 
Director  Martha  Heller 

Program  Managers  Bill  Golden,  Mindy  Hogan, 

David  Parker,  Steve  Rovniak,  Stacy  Sudan, 

Greg  Szumowski 

Operations  Assistant  Lisa  Byron 

MARKETING 

Executive  VP/Marketing  Cathy  O’Leary  Hayes 
VP/News  and  Information  Susan  Watson 
Media  Relations  Manager  Karen  Fogerty 
Program  Administrator  Lori  Piscatelli 
Marketing  Research  Director  Bridget  Cammarata 

Marketing  Research  Managers  Carolyn  Johnson, 
Dylan  DiGregorio 

Marketing  Comm.  Director  Sue  Yanovitch 
Sr.  MarCom  Development  Specialist  Kari  Curto 
Sr.  Marketing  Comm.  Specialist  Sarah  Crowley 

ADMINISTRATION 

Director  of  Finance  Margarita  Chiango 
Finance  and  Operations  Analyst  Chris  Bernardi 
Executive  Assistant  to  the  President  Diane  Martin 
Billing  Administrator  Joyce  Gillis 
Facilities  Specialist  John  Kelley 
Office  Services  Coordinator  Mary  E.  Wooldridge 

HUMAN  RESOURCES 

Human  Resources  Vice  President  Patricia  Chisholm 
Human  Resources  Manager  Tanya  Bureau 
Senior  HR  Representative  Beth  S.  Ramistella 


FOUNDER 

Joseph  L.  Levy 


INTERNATIONAL  DATA  GROUP 

CEO  Pat  Kenealy 

Board  Chairman  Patrick  J.  McGovern 

WBPA 

▼  INTERNATIONAL* 

©CXO  Media  Inc. 


2  2  CIO  MARCH  1,  2004 


www.cio.com 


Your  IT  budgets  and  staff  have  been  slashed 


•"  C--  5 


Fortunately  you  have  the  most  manageable 

video  conferencing  systems  in  the  world. 


- . r 

i 

C  ‘  ' 


With  IT  resources  scarcer  than  ever,  you  need  Polycom's  integrated  video  conferencing 
systems.  They're  user  friendly,  easy  to  upgrade,  manage  and  maintain.  Deployment  is 
virtually  "plug  and  play."  And,  monitoring  and  management  is  centralized.  It  all  adds  up 
to  a  great  ROI  for  your  team  and  your  company.  Join  the  millions  of  people  worldwide  that 
already  use  Polycom  and  The  Polycom  Office!"  With  integrated  video,  voice,  data,  and 
Web  applications,  The  Polycom  Office  makes  communicating  as  natural  as  being  there. 

For  more  information  and  your  free  white  paper  "Demystifying  IP  Migration"  visit 
www.polycom.com  or  call  1-877-POLYCOM.  Ask  about  the  outstanding  new  Polycom 
VSX"  7000  -  video  conferencing  like  you've  never  seen  it.  Polycom.  The  time  for 
manageable  video  conferencing  is  now. 


POLYCOM 


Connect.  Any  Way  You  Want. 


©2003  Polycom,  Inc.  All  rights  reserved.  Polycom  and  the  Polycom  logo  are  registered  trademarks  and  VSX,  Polycom  Office 
and  the  SoundStation  industrial  design  are  trademarks  of  Polycom,  Inc.  in  the  U  S.  and  various  countries. 


Tony  Menezes,  IBM  facilitator  of  open  practices,  financial  industry 


Open  standards  and 
the  tanning  of  the  screw. 

In  1864,  a  bolt  or  screw  made  in  one  machine  shop  wouldn’t  fit  a  nut  made 
in  another  machine  shop.  Everything  was  proprietary.  In  short,  a  mess. 

Until  William  Sellers  proposed  a  standard,  uniform  screw.  So  one  part 
could  be  made  down  the  street,  and  another  made  across  town,  and 
assembly  could  happen  anywhere.  Everything  worked  together. 

Apply  that  same  logic  to  IT  and  you  arrive  at  open  standards  like  Linuxf 
Universal,  open  “languages”  that  let  everything  IT  talk  to  everything 
else  IT.  Vendors,  systems,  partners  —  anyone  —  can  be  plugged  into  or 
unplugged  from  the  open  standards  “pegboard.”  Open  standards  is 
also  the  antidote  to  being  locked  into  the  high  costs  of  any  one  vendor. 

The  business  results?  Speed,  responsiveness,  flexibility,  readiness. 

Open  standards.  The  unifying  thread  behind  on  demand  business. 

On  demand  business  starts  with  on  demand  thinking. 

IBM  is  home  to  thousands  of  people  who  live  and  breathe  Linux. 

Specialists  who  can  bring  open  standards  (and  all  its  benefits)  to  just 
about  every  industry.  Our  IT  expertise,  coupled  with  deep  business 
know-how,  can  deliver  real  change  across  your  company.  On  demand 
business.  Get  there  with  on  demand  people.  Call  800  IBM  7080  (ask 
for  thinking)  or  visit  ibm.com/services/thinking 

Can  you  see  it? 


IBM  and  the  IBM  logo  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Linux  is  a  registered  trademark  of  Linus  Torvalds. 
©2003  IBM  Corp.  All  rights  reserved. 


trenclines 

the  NEWtheHOT  theUNEXPECT  E  D  .A  il 

Edited  by  Michael  Goldberg 


INVENTORY  SYSTEMS 


Tracking  Mad  Cows  with  IT 

IT  TOOK  A  WEEK  after  a  Washington  cow  tested  positive  for  mad  cow 
disease  in  December  for  the  U.S.  Department  of  Agriculture  to  announce 
new  safeguards.  Tighter  controls  on  the  meat  supply  came  first.  (Item  No. 
1:  no  more  “downer  animals”  that  can’t  walk.)  Next  up:  an  IT  system  to 
identify  and  track  more  than  two  dozen  species  of  animals,  including  the 
nation’s  estimated  96  million  cattle. 

The  mad  cow  incident  has  made  developing  the  underlying  technology 
for  the  US  Animal  Identification  Plan  (USAIP)-in  development  since 
October  2002-an  urgent  priority  for  USDA  CIO  Scott  Charbo,  says 
Agriculture  Secretary  Ann  Veneman. 

The  animal  ID  plan's  goal  is  to  track  the  movements  of  more  than  two 
dozen  species  of  mammals,  birds  and  fish  and  be  able  to  locate  infected 
animals  within  48  hours  of  a  disease  outbreak.  Each  animal— or,  for 
animals  such  as  fish,  each  lot  of  animals— would  be  tagged  with  a  unique 

Continued  on  Page  28 


AIRLINE  SAFETY 

Turn  Off  That  Phone! 

EVEN  FOR  A  government  report,  this  one  that 
collects  complaints  from  commercial  airline 
pilots  and  flight  attendants  has  a  very 
bureaucratic  title:  “ASRS  Database  Report 
Set,  Passenger  Electronic  Devices.”  But  look 
inside  and  see  why  you  should  heed  those 
pretakeoff  instructions  to  turn  off  your  per¬ 
sonal  electronic  devices. 

Flight  navigation  disrupted.  Instrument 
readings  corrupted.  Cockpit  radio  commu¬ 
nications  confused.  All  because  some  people 
didn’t  turn  off  their  mobile  phones. 

The  reports,  issued  periodically  by  the 
NASA  Aviation  Safety  Reporting  System, 
cover  safety  concerns  voluntarily  reported  by 
workers — from  problem  passengers  to  flight 
crew  fatigue.  It’s  part  of  a  program  started  in 


1975  to  collect  field  reports  to  improve  avi¬ 
ation  safety;  more  than  300,000  incidents 
have  been  filed.  NASA  publishes  selected 
entries,  ensures  the  anonymity  of  the  filers, 
and  warns  readers  not  to  draw  conclusions 
from,  say,  the  50  complaints  included  in  an 
October  2003  report  about  passengers  using 
devices  at  unauthorized  times. 

Suffice  to  say,  however;  that  commercial  air¬ 
line  pilots  and  flight  attendants  won’t  hesitate 
to  return  a  Boeing  737  to  the  terminal  and 
have  police  remove  a  cell  phone  user.  This 
selection  from  the  NASA  report  concerning  a 
flight  to  Grand  Rapids,  Mich.,  shows  why: 

“DC-9  flight  crew  experienced  an  invol¬ 
untary  turn  by  the  autopilot  during  cruise. 
Autopilot  reacted  normally  after  the  captain 
asked  passengers  to  turn  off  any  personal 
electronic  devices.  Crew  later  learned  that  a 
cell  phone  in  an  overhead  bin  was  heard  dur¬ 
ing  the  time  of  the  autopilot  problem.” 


26  CIO  MARCH  1,  2004  •  www.cio.com 


SAS,  the  leader  in  business  intelligence  software,  challenges 


BHwHflB 


1H*]  til  t]  PM  VI  i  1 1 

1 1  i 

I  T iT 

mTv 

1L»j  Ji|[  J 

Kij 

r  ^ 

iiii 

ENTERPRISE  intelligence 

SUPPLIER  INTELLIGENCE 

ORGANIZATIONAL  intelligence 

CUSTOMER  intelligence 

INTELLIGENCE  architecture 


With  Sarbanes-Oxley  compliance  deadlines  less  than  a  year  away,  there  is  an  urgency  to  deliver 
financial  and  operational  transparency  --  one  clean,  consolidated  and  truthful  version  of  data  for  all 
your  disclosure  controls  and  procedures.  SAS®  Corporate  Compliance  software  provides  auditable, 
searchable  process  and  document  control  solutions.  So  you  can  prepare  now,  while  creating  a  system 
that  won’t  be  outdated  when  the  next  new  legislation  is  enacted.  Our  intuitive  interfaces  are  designed 
for  users  of  any  skill  level  -  with  a  central  point  of  control  to  manage  across  all  environments  -  and 
an  open,  adaptable  architecture.  To  find  out  more  about  how  to  confidently  comply  with 
Sarbanes-Oxley,  including  Section  404,  call  us  toll  free  at  1  866  270  5729  or  visit  our  Web  site. 


www.sas.com/sox 


The  Power  to  Know* 


SAS  and  all  other  SAS  Institute  Inc.  product  or  service  names  are  registered  trademarks  or  trademarks  of  SAS  Institute  Inc.  in  the  USA  and  other  countries.  ®  indicates  USA  registration. 

Copyright  ©  2003  SAS  Institute  Inc.,  Cary,  NC,  USA.  All  rights  reserved.  256048US.1003 


trendlines 


Mad  Cow  IT 

Continued  from  Page  26 


identification  number.  Organizers  are  endorsing  radio  frequency 
identification  (RFID)  tags;  cattle  would  be  fitted  with  ear  tags 
containing  an  RFID  chip  storing  each  animal’s  ID  number. 

Forty-eight  hours  is  faster  than  what  occurs  now  with  cattle.  It 
took  the  government  several  days  to  confirm  the  infected  cow’s  age 
and  origin.  The  work  to  locate  other  cattle  shipped  with  the 
infected  cow  from  Alberta,  Canada,  to  the  United  States  is  ongoing. 
At  press  time,  27  of  80  had  been  located.  (Investigators  also  traced 


one  of  the  infected  cow’s  offspring  to  a  second  farm  in  Washington. 
Because  authorities  couldn’t  identify  the  exact  animal,  the  entire 
herd  of  450  was  euthanized.) 

Before  this  mad  cow  case,  the  USDA  had  set  July  2005  as  the 
first  deadline  for  ID  tracking  of  interstate  cattle  movements. 
Progress  for  the  project  had  stalled,  however,  as  policy-makers  and 
players  from  the  livestock  industry  grappled  with  the  program’s 
complexity  and  cost  (estimated  to  be  $600  million).  Along  with 
finding  the  money  to  foot  the  bill,  officials  need  to  finalize  data 
structures,  database  architectures  and  location  technologies. 

Frustration  at  the  slow  speed  of  the  USAIP's  development  led 
five  agricultural  data  service  companies  in  October  2003  to  set  up 


the  Beef  Information  Exchange  to  create  data-sharing  standards 
and  lay  the  framework  for  a  nationwide  beef  cattle  tracking  system. 

“We  don’t  want  to  replace  the  USAIP.  We  just  can’t  wait  a  couple 
years  for  it,”  says  Tim  Niedecken,  information  products  director  for 
eMerge  Interactive,  a  software  and  services  vendor  to  the  beef 
industry. 

Niedecken,  who  is  on  an  IT  subcommittee  for  the  USAIP  project, 
says  its  wide  scope  slows  progress. 

For  beef  producers,  adopting  tracking  tools 
can  reassure  nervous  retailers  and  consumers. 
Denver-based  Maverick  Ranch  recently  has 
been  testing  a  biometric  ID  system  from 
Optibrand.“Our  customers  want  to  know  where 
the  animal  was  raised,  what  we  fed  it,  and  where 
it  was  born,  so  I  have  to  have  a  process  in  place 
to  help  bring  some  of  that  information  together,” 
says  Rex  Moore,  Maverick’s  president. 

While  the  USDA  is  leaningtoward  an  RFID-enabled  system  with  ear 
tags,  Moore  says  he  prefers  Optibrand’s  retinal  scanningtechnology. 
Ear  tags  can  be  lost  or  tampered  with,  whi  ie  eyes  can’t  It  costs 
$2,000  for  an  Optibrand  reader  and  less  than  $1  per  scan.  During  the 
lifetime  of  an  animal,  it  would  cost  about  $3  in  imaging  charges 
(shared  by  rancher,  feed  lot  and  slaughterhouse). 

The  expense  is  necessary,  Moore  adds.  "The  industry  really  does 
need  it  as  a  herd  health  tool,"  he  says.  -Stacy  Cowley 


President  Bush  is  seeking  $33  million 
in  the  2005  federal  budget  to  speed  up 
development  of  an  animal  ID  system. 


BLOGS 

News  You  Can  Use 


YOU  CAN  FIND  a  blog  about  anything 
(including  blogs  about  blogs).  You  can  even 
outsource  a  research  intelligence  blog  for 
your  company. 

Techdirt,  in  Foster  City,  Calif.,  sells  what 
it  calls  corporate  intelligence — news  and 
analysis  about  a  company,  its  competitors 
and,  in  some  cases,  its  industry,  presented 
in  bitesize  chunks  with  Web  links  to  more 
information.  And  while  the  media  and  ana¬ 
lyst  research  houses  offer  industry-level 
research  reports,  Techdirt  promises  individ¬ 
ualized  content.  Sort  of  The  Daily  [Your 
Company],  circulated  to  clients  via  e-mail 
or  a  corporate  intranet. 

Techdirt  President  Michael  Masnick,  who 
started  a  tech  e-mail  newsletter  in  1997,  is 
betting  that  CEOs,  CIOs  and  other  execs  are 


willing  to  outsource  an  element  of  their  com¬ 
petitive  research.  He  says  his  researchers 
search  through  more  than  20,000  publica¬ 
tions  daily  to  create  blog  summaries  and 
analysis  for  clients.  The  aim:  to  provide  more 
focused  content  that  a  busy  executive  other¬ 
wise  would  miss.  “Sometimes  you’re  so 
focused  on  what’s  happening  within  your 
own  company  that  your  data  filters  are  a  bit 
skewed,”  says  Masnick. 

At  document-automation  company  Scan- 
Soft,  Vice  President  of  Marketing  Michael 
Thompson  uses  Techdirt  data  for  an  in- 
house  “enterprise  blog”  of  critical  informa¬ 
tion.  Thompson  says  ScanSoft  encourages 
employees  to  check  the  blog  every  morning. 
“The  same  information  helps  my  salespeople 
and  my  CIO,”  he  adds. 


Though  Techdirt’s  services  aren’t  cheap 
(the  company  declined  to  cite  its  rates), 
Thompson  says  Techdirt  does  the  job  of 
three  or  four  employees,  and  figures  he’s 
had  real  strategic  ROI.  Others  must  agree. 
Masnick  says  his  client  list  has  doubled 
since  June.  -Matt  Villano 


2  8  CIO  MARCH  1,  2004 


www.cio.com 


witch  to  voice  over  IP  without  any  hang-ups 


'rr'  'i' V  ‘ 

[ 


Voice  over  IP  comes  with  a  lot  of  benefits.  It  also  comes 
with  a  lot  of  questions.  How  long  does  it  take?  Is  voice 
quality  sacrificed?  What  are  the  hidden  costs? 


With  Agilent,  voice  over  IP  is  an  easy  call.  Our  network 
test  and  software  solutions  monitor  performance  and 
troubleshoot  throughout  the  lifecycle.  They  also  help 
determine  the  most  cost-effective  design  to  get  you  up 
and  running.  And  once  you  get  your  network  up,  we'll  also 
help  you  manage  it.  All  this  with  virtually  no  sacrifice 
in  call  quality.  With  Agilent,  the  switch  to  voice  over  IP 
really  pays  off. 

Across  the  field  of  communications,  Agilent  delivers 
a  unique  breadth  of  experience,  from  developing 
components  and  managing  services,  to  testing  the 
infrastructure  that  supports  it  all.  And  we  build  that 
end-to-end  expertise  into  every  product  we  make. 
www.agilent.com/comms/enterprise-it  With  Agilent,  you'll  always  have  a  great  connection. 


•  •  • 

•  •• 

•  •  •  •  •  •  •  • 

*•* 


Agilent  Technologies 

dreams  made  real 


©  Agilent  Technologies.  Inc.  2004 


trendlines 


Off  the  Shelf 


Edited  by  Carol  Zarrow 


Looking  for  Leaders  in 
All  the  Right  Places 

These  two  books  show  it’s  best  to  look  around  your  office— not  to 
Tony  Soprano— for  leadership  qualities  that  matter 


CIO  Best-Seller  List 

Business  as  War:  Battling  for 
Competitive  Advantage 

By  Kenneth  Allard 
John  Wiley  &  Sons,  2003 


Growing  Your  Company’s  Leaders:  How 
Great  Organizations  Use  Succession 
Management  to  Sustain  Competitive 
Advantage 

By  Robert  M.  Fulmer  and  Jay  A.  Conger 
Amacom,  2004,  $27.95 


The  discussion  of  each  best  practice  has  an 
accompanying  case  history  and  metrics  that 
prove  it’s  a  best  practice.  If  you  believe  that 
people  are  the  key  to  any  successful  enter¬ 
prise,  then  Growing  Your  Company’s  Lead¬ 
ers  is  key  reading.  - David  Rosenbaum 


HERE’S  THE  PROBLEM:  Because  Gen  X  is 
so  much  smaller  than  the  boomer  genera¬ 
tion  that  preceded  it,  the  leadership  pool  of 
35-  to  44-year-olds  who  will  fill  corporate 
America’s  top  slots  in  the  coming  years  is 
growing  rapidly  shallower.  And  the 
.  .  _  prize  fish  in  that  shallow  pool 


o^o3^c’c 


know  very  well  that  they  are 
prize  fish,  know  they  can  go 
k  wherever  they  want  and 
don’t — for  various  reasons — 
even  know  how  to  pro- 
L  nounce  “loyalty.”  So,  if 
you  think  you’re  already 
fighting  a  war  for  the 
scarce  resource  of  leadership  tal¬ 
ent,  just  wait.  It’s  going  to  get  much  worse. 

The  solution,  according  to  Growing  Your 
Company’s  Leaders ,  is  taking  succession 
planning  seriously.  And  in  a  best- 
practice-based,  serious-minded  and 
well-reported  and  documented  book, 
authors  Robert  M.  Fulmer  and  Jay 
A.  Conger  do  just  that. 

The  book  derives  best  prac¬ 
tices  from  such  leading  com¬ 
panies  as  Bank  of  America, 

Dell,  Dow  Chemical,  Eli 
Lilly  and  Sunoco.  They  in¬ 
clude  CEO  buy-in,  simple  and 
transparent  systems  for  identifying  tal¬ 
ent,  monitoring  the  progress  of  the  fish  in 
the  pool,  and  redesigning  the  system  con¬ 
tinuously  to  avoid  bureaucratic  calcification. 


Tony  Soprano  on  Management: 
Leadership  Lessons  Inspired  by 
America’s  Favorite  Mobster 

By  Anthony  Schneider 
Berkley  Books,  2004,  $14 

WHEN  AUTHOR  Tony  Schneider  pitched 
Tony  Soprano  on  Management  to  his  pub¬ 
lisher;  it  must  have  sounded  like  a  winner — 
a  leadership  guide  that  would  differentiate 
itself  from  all  the  others  clogging  the  book¬ 
shelves  by  leveraging  the  popularity  of  the 
award-winning  HBO  crime  series-cum- 
domestic  soap  opera,  The  Sopranos.  And 
couldn’t  any  aspiring  CEO  learn  something 
from  Tony,  fictional  though  he  might  be? 
As  the  scriptwriters  have  created  him,  he’s 
an  effective  executive  who  grasps  the  big 
picture,  focuses  on  value  and 
builds  a  loyal  team. 

For  the  first  few  pages, 
the  conceit  amuses.  Pretty 
quickly,  however,  the 
reader  realizes  that  the  les¬ 
sons  Schneider  extracts  from 
the  show — make  decisions, 
stick  by  them,  communicate 
the  vision,  stay  involved — are 
trite,  and  the  fundamental  cyni¬ 
cism  of  the  book  becomes  hard 
for  the  author  to  disguise  and  for 
the  reader  to  ignore.  Tony,  after  all,  is  a 
homicidal  sociopath.  He’s  decisive  because 


Guts!  Companies  That  Blow  the  Doors 
Off  Business-As-Usual 

By  Kevin  Freiberg  and  Jackie  Freiberg 
Currency,  2003 

Purple  Cow:  Transform  Your  Business  by 
Being  Remarkable 

By  Seth  Godin 
Portfolio,  2003 


Smartest  Guys  in  the  Room:  The  Amaz¬ 
ing  Rise  and  Scandalous  Fall  of  Enron 

By  Bethany  McLean  and  Peter  Elkind 
Portfolio,  2003 

Good  to  Great:  Why  Some  Companies 
Make  the  Leap.. .and  Others  Don’t 

By  Jim  Collins 
HarperCollins,  2001 

SOURCE;  Data  from  January  2004,  compiled  by  Powell's 
Books.  Portland.  Ore. 


he  is,  for  the  most  part,  thoughtless.  He 
moves  quickly  because  he  lacks  impulse 
control.  He  focuses  on  value  because  he’s 
greedy,  a  miser.  His  team  is  loyal  in  part 
because  in  Tony’s  world  the  disloyal  don’t 
get  fired,  they  get  whacked.  As  Schneider 
heaps  praise  on  Tony’s  management  style, 
the  reader,  keeping  these  facts  in  mind, 
begins  to  grow  queasy.  What  begins  as  a 
joke  ends  as  a  rather  distasteful  exercise  in 
poor  authorial  judgment. 

Ultimately,  Tony  Soprano  on  Manage¬ 
ment  is  a  con,  a  scam  Tony  himself  might 
be  proud  of.  Which,  by  the  way,  is  not  a 
good  thing.  Fuhgeddaboudit!  -D.R. 


3  0  CIO  MARCH  1,  2004 


www. cio.com 


£2004  Lanier  Worldwide,  Inc.  All  rights  reserved 


fSfi 


^JATiSp 


:’*Af ULTlt^ 


CTIO^ 


■ 


PRESENTED  TO 

LANIER 

BY  J.D.  POWER  AM)  ASSOCIATES 


PRESENTED  TO 

LANIER 

BY  J.D.  POWER  AND  ASSOCI  ATES 

For  the  second  straight  year,  J.D.  Power  and  Associates 
ranked  Lanier  #1  in  Customer  Satisfaction. 

Call  800-551-3087  or  visit  lanier.com  to  find  out  why  J.D.  Power  and  Associates  again 
ranked  Lanier  "#1  Black  and  White  Copier/Multifunction  Product  in  Customer  Satisfaction 
among  Business  Users",  this  year  in  a  tie.  You  can  also  request  a  DOCutivity®  analysis  of 
your  company's  workflow.  Find  out  how  satisfying  document  management  can  be. 


A  RICOH  COMPANY 


J.D.  Power  and  Associates  2002-2003  Copier  Customer  Satisfaction  Studies'^ '  2003  Study  based  on  responses  from  2,963  small,  medium  and  large  business  users 
of  copiers  and  multifunction  products  in  the  first  18  months  of  ownership.  Multifunction  products  include  print,  copy,  scan  and/or  fax  functionality. 


trendlines 


Q  &  A  :  GM'S  DANIEL  MCNICHOLL 

How  GM  Cuts  IT  Operating  Costs 


How  do  you  continue  to  cut  IT  costs  when  you’ve  already  cut  to  the  bone? 

Daniel  McNicholl,  chief  strategy  officer  of  information  systems  and  services  at  General  Motors, 
explained  how  in  a  recent  interview  with  CIO  Executive  Editor  Christopher  Koch. 


Daniel  McNicholl:  “We  found  $50,000 
here,  $1  million  there.  It  added  up  to 
hundreds  of  millions  of  dollars.” 


CIO:  In  a  recent  talk,  you  said  that  in  the  past  six  years  your  overall 
IT  budget  at  GM  has  gone  down  from  $5  billion  to  about  $3  billion. 
Daniel  G.  McNicholl:  But  the  investment  part  of  the  budget  has 
gone  up.  Break  the  total  IT  budget  into  two  major  areas— invest¬ 
ment  and  operating  cost.  We  were  focused  on  reducing  operating 
cost  and  using  that  as  fuel  to  put  into  investments  for  both  new 
applications  and  new  infrastructure,  and  giving  money  back  to  the 
company.  For  every  dollar  you  save,  you  put  a  third  in  on  applica¬ 
tions,  a  third  on  infrastructure  and  give  a  third  back  to  the  boss. 


How  did  you  do  that? 

First,  everyone  in  IT  has  to  make  [cost  cutting]  a  primary  objective. 
When  I  ran  GM  North  America,  we  would  have  weekly  and  monthly 
meetings  on  seeking  out  what  our  cost-saving  opportunities  were 
and  tracking  the  status.  If  you  don’t  make  it  as  important  as  creating 
new  capabilities,  as  talking  about  new  technologies,  it  won’t  hap¬ 
pen.  Now  typically  how  do  you  get  it?  Competitively  pricing  things 
by  putting  things  up  to  bid.  That’s  very  powerful.  Try  not  to  get 
locked  into  vendors  where  your  choices  are  limited. 


When  I  first  joined  GM  North  America,  we  had  1,200  Lotus 
Notes  servers  scattered  across  the  entire  organization.  Now  I  have 
100  in  four  locations  doingthe  same  thing.  Now  imagine  how 
much  labor  it  took  to  support  1,200  servers  scattered  all  around 
versus  100  in  four  locations.  Consolidation  of  back-room  opera¬ 
tions  is  key.  Standardization:  Instead  of  buying  five  different  tools 
to  do  the  same  thing,  go  to  one  vendor  and  negotiate  the  best 
price.  And  then  we  have  general  trends  working  in  our  favor.  Every 
year  the  PC  costs  go  down  and  storage  goes  down.  So  it’s  a  combi¬ 
nation  of  procurement  and  structural  reductions. 

Don’t  you  run  out  of  initiatives  like  consolidation  and  standardiza¬ 
tion?  How  do  you  keep  extending  these  cost  reductions? 

Every  year  you  have  investment  and  operating  costs.  Some  of  the 
investment  you  make  this  year  is  next  year’s  operating  cost.  So 
you’re  always  having  this  opportunity  to  go  after  an  operating 
cost— which  last  year  was  an  investment— as  a  new  area  to  reduce 
cost.  Combine  that  with  improvements  in  technologies  and 
dropping  prices,  and  there’s  more  opportunity.  But  this  is  the  part 
that  people  forget  about:  One  year's  investment  is  the  next  year’s 
operating  cost. 

At  GM’s  scale,  that  gives  you  a  lot  of  opportunity  each  year. 

But  is  it  purely  scale? 

Everyone  has  that  same  picture.  I  think  what  has  separated  us  has 
been  the  key  emphasis  we  placed  on  it  from  1996.  When  I  first  got 
to  GM  and  set  the  cost-reduction  targets,  my  people  said  there’s  no 
way  to  do  this.  So  we  set  up  a  project  for  the  cost  reductions  called 
Project  Alexander  (after  Alexander  the  Great  and  his  untying  of  the 
Gordian  knot).  Every  month  we  got  together  and  came  up  with  a 
list  of  small  reductions  and  big  reductions.  We  brainstormed  and 
made  it  a  major  part  of  our  agenda.  The  message  was:  Guys,  just 
do  it.  We  found  that  $50,000  here,  $1  million  there,  and  at  the  end 
of  the  year  that  added  up  to  hundreds  of  millions  of  dollars. 

So  you  set  cost  reduction  up  as  a  project  as  you  would  a  software 
development  project? 

Yeah.  We  just  kept  one  large  list  and  just  kept  tracking  it  [every 
month].  We  realized  that  we  should  track  things  vertically  as  well 
as  horizontally.  Every  one  of  my  supported  CIOs  would  have  their 
own  lists,  but  some  things  you’d  try  to  do  across  everyone,  and 
there  would  be  someone  on  my  staff  driving  that.  So  each  CIO  has 
a  list,  plus  the  operations  director  has  a  list  of  what  he’s  supposed 
to  drive  for  everyone  else. 

To  read  more  about  General  Motors’  IT  management  structure, 
read  " GM's  Matrix  Reloads"  at  www.cio.com/printlinks. 


3  2  CIO  MARCH  1,  2004 


www.cio.com 


PHOTO  BY  KEVIN  MIYASAKI 


CIO  ENTERPRISE 
VALUE  AWARDS' 


The  Resource  for 
Information  Executives 


As  an  executive  who  has  built  or  utilized  an  IT  system  that 
delivers  both  demonstrable  ROI  and  strategic  value  to  your 
organization,  you  deserve  recognition  and  praise. 

Now  in  its  13th  year,  the  CIO  Enterprise  Value  Award  will 
bring  you,  your  company  and  your  IT  organization  the 
industry  prestige  you  deserve. 


Download  the  application 
from  our  website  at 

www.cio.com/eva 

or  contact  Lynne  Rigolini 
at  (888)  455-4646. 

Deadline  for  entry: 

May  1,2005 


trendlines 


On  the  Move 


By  Meridith  Levinson 


After  Vendor  Stint,  It’s  Back  to 
CIO  Role  for  Brownell 


WHEN  I  SPOKE  with  Jim  Brownell  back  in 
July  2003,  he  was  frustrated  with  the  CIO 
role  and  by  the  way  many  companies  were 
treating  IT.  He  saw  them  putting  the  CIO 
and  the  IT  team  in  a  general  contractor’s 
role,  solely  responsible  for  a 
project’s  outcome,  with  busi¬ 
ness  managers  reluctant  to 
share  any  credit  or  blame — a 
bad  approach,  he  lamented. 

“We  can’t  be  the  project 
owners  because  we  often  don’t 
have  the  authority  to  effect 
change  in  the  business,”  he  said 
then.  “By  making  IT  the  project 
owner;  the  business  puts  IT  in  a 
role  [where]  it  can’t  succeed.” 


at  Escalate,  Brownell  got  a  call  from  a 
friend  at  Coldwater  Creek,  a  women’s 
clothing  retailer.  Would  he  be  interested  in 
the  CIO  job  there? 

Four  months  later,  Brownell  went  to  work 
for  Coldwater  Creek.  And  not 
only  is  he  back  in  the  role  he 
criticized,  but  he’s  reporting  to 
the  company’s  CFO. 

Brownell,  46,  cites  four  rea¬ 
sons  for  his  turnaround: 

■  The  ability  to  drive  results. 
Getting  away  from  the  CIO 
position  helped  Brownell  realize 
that  despite  its  frustrations,  the 
CIO  role  is  gratifying.  As  a 
CIO,  he  feels  that  he  can  add 


Brownell  had  other  complaints.  Cost 
pressures  forced  CIOs  to  make  short¬ 
sighted  IT  investments.  More  CIOs 
reported  to  COOs  and  CFOs.  Many  exec¬ 
utives  didn’t  see  the  CIO’s  complex  role. 

Those  perceptions  directed  Brownell’s  job 
search  last  spring.  After  leaving  Williams- 
Sonoma,  he  received  offers  from  companies 
looking  for  CIOs  but  found  them  unap¬ 
pealing.  Instead,  he  became  senior  vice  pres¬ 
ident  and  general  manager  at  retail  software 
vendor  Escalate.  “As  I  looked  at  my  options, 
I  felt  that  Escalate  was  the  best  tiling  for  me 
to  do  at  the  time,”  he  told  me.  (Brownell 
repeated  his  concerns  in  our  Oct.  15  cover 
story,  “The  Incredible  Shrinking  CIO.”) 

Then,  about  six  weeks  after  he  started 


value  to  a  company  and  see  his  work’s 
results.  “When  you’re  on  the  software  side,” 
says  Brownell,  “you  don’t  get  to  enjoy  the 
benefits  because  you’re  [always]  onto  the 
next  thing.”  Not  only  that,  but  the  CIO  role 
is  easier  than  selling  software  in  a  down 
economy,  Brownell  notes. 

Brownell’s  experience  is  not  unusual. 
“Folks  can  think  that  in  moving  to  a  com¬ 
pany  that’s  more  technology-minded,  they’re 
going  to  escape  from  the  toughness  of  the 
CIO  role,  but  the  technology  stuff  is  the  easy 
part,”  says  H.  Michael  Burgett,  president  of 
CIO  Partners,  an  Atlanta  recruiter.  “Building 
influence  and  leading  organizational  change 
is  where  most  folks  are  lacking.  That’s  what 
he  may  be  discovering.” 


i!  I 


Patricia  Morrison  (right),  CIO  of  Office  Depot,  was  made  a  director  at  fabric  and 
craft  retailer  Jo-Ann  Stores.  Sheila  Beauchesne  left  her  position  as  SVP  and  CIO 

of  Martha  Stewart  Living  Omnimedia  to  be  CIO  at  Bluegreen,  a  Florida-based  real 
estate  developer  (Beauchesne  is  on  CIO's  editorial  advisory  board).  Furniture  retailer 
The  Bombay  Co.  hired  former  Accenture  partner  Lucretia  Doblado  as  senior  VP  and  CIO. 


EXPERIENCE 
November  2003-Present 

SVP  and  CIO,  Coldwater  Creek 

May  2003-0ctober  2003 

SVP  and  GM,  Escalate 

November  2000-0ctober  2002 

SVP  and  CIO,  Williams-Sonoma 

February  2000-November  2000 

VP  of  IT,  Toysrus.com 

August  1995- January  2000 

VP  of  Supply  Chain  Systems,  Gap 

June  1994-July  1995 

Group  VP  and  CIO,  J.  Crew 

July  1979-May  1994 

VP  of  Distributed  Systems,  Gap 


EDUCATION  San  Francisco  State  Univ. 


■  Familiar  turf.  Before  joining  Escalate, 
Brownell  spent  24  years  in  retail  IT  man¬ 
agement  (see  resume,  above).  The  new  job 
meant  he  wouldn’t  have  to  learn  a  new 
business  model — and  he  had  a  lot  of  expe¬ 
rience  that  a  growing  company  would  need. 

■  Upward  indicators.  During  his  talks  with 
Coldwater  CFO  Mel  Dick  and  CEO  Den¬ 
nis  Pence,  Brownell  says  he  learned  that  the 
retailer  supports  an  IT  strategy  that  fits  a 
growing  enterprise.  (The  onetime  catalog- 
only  merchant  plans  to  open  more  than  40 
stores  in  fiscal  2004.) 

■  A  CFO  on  the  same  page.  Before  accepting 
the  job,  Brownell  says  he  told  Dick  that 
CIOs  who  report  to  CFOs  often  lack  author¬ 
ity.  Dick,  who  was  acting  CIO,  told  Brownell 
he  imderstood  that  view.  Dick  says  his  time 
in  IT  “gave  me  a  better  appreciation  of  the 
day-to-day  activities  on  the  operations  side  of 
IT.  It’s  much  easier  for  me  to  understand 
some  of  the  challenges  that  [Brownell]  faces.” 
Brownell  says  that  he  has  the  CEO’s  ear  as 
an  executive  committee  member. 

Burgett  says  Brownell’s  career  turn  indi¬ 
cates  a  new  understanding  about  the  CIO 
role:  “The  problem  is  not  so  much  the  job 
but  how  the  company  views  it.” 


3  4 


CIO  MARCH  1,  2004 


www.cio.com 


I 


PHOTO  TOP  BY  ANDY  FREEBERG 


'•  ••  • 


■  ■ 


Some  IT  projects  are  just  dead  weight. 
At  a  million  dollars  an  ounce. 


it's  worth  figuring  out  which  ones. 


PeopleSoft  ESA  helps  you  balance  IT  project  investments  to  deliver  the  greatest  value  to  your  business. 

PeopleSoft  ESA  for  IT  is  the  solution  to  improve  IT  governance,  and  ensure  your  organization  is  properly 
aligned  with  the  company's  overall  business  objectives.  Bring  discipline  to  project  evaluation  and  approval. 
Report  back  to  business  owners  cost-effectively  and  in  real  time.  Adjust  rapidly  to  changes  in  business  priorities, 
and  optimize  your  people,  projects  and  processes  for  the  overall  success  of  the  business.  Learn  more  by  visiting 
us  at  www.peoplesoft.com/goto/esa  or  call  1  888  773  8277. 


PeopleSoft 


Enterprise  Service  Automation 


©2004  PeopleSoft.  Inc.  PeopleSoft  is  a  registered  trademark  of  PeopleSoft,  Inc. 


trendlines 


Michelangelo  Virus:  Big 
Threat,  Little  Damage 

March  6, 1992  A  pastor  in 

Georgia  booting  up  his  computer  to  write 
his  church  newsletter.  A  couple  of  PCs  at  an 
AT&T  office  in  New  Jersey.  A  Boston 
University  lab  computer.  Hundreds  of  PCs, 
including  an  estimated  750  computers 
used  by  pharmacists  in  South  Africa,  lose 
data  and  disk  drives  after  a  virus  timed  to 
act  on  Michelangelo’s  birthday  strikes  their 
PCs,  The  New  York  Times  reports. 

It  could  have  been  worse.  The  virus, 
created  by  an  unknown  malicious  code 
writer,  spreads  via  infected  floppy  disks  and 
heightens  public  awareness  about  the 
reliance  on  IBM-compatible  PCs  as 
business  desktop  tools— and  the  potential 
impact  for  lost  work.  Security  specialists 
beg  PC  users  to  scan  their  machines  with 
antivirus  software.  But  while  observers 
credit  these  efforts  with  preventing  a 
worldwide  virus  outbreak,  it  doesn’t  help  a 
civil  engineering  firm  in  Japan,  which  tells 
the  Reuters  news  agency  that  it  has  lost  up 
to  $30,000  in  architectural  drawings  and 
data  on  three  PCs.  A  spokesman  says,  "It 
was  a  lot  of  work.  We’re  furious." 


BO 

N 

lid 

F 

ATTACHMENTS 

People  have  been  working  on 
fighting  the  MyDoom  worm. 

But  there’s  also  what’s  called 

PEBKAC— which 
stands  for  ‘problem 
exists  between  key¬ 
board  and  chair.’ 

You’ve  got  to  pay  attention  to 
the  user. 

-Lloyd  Taylor,  VP  of  technology  and  operations, 

Keynote  Systems 


ASK 


THE 


SOURCE 


Fixes  for  Your 
Underperforming  Staff 


SO,  HOW  DO  YOU  find,  fix  or 
fire  your  poor  performers? 

That’s  the  question  we  asked 
in  the  Nov.  1,  2003,  cover 
story  (see  article  at 
www.cio.com/printlinks).  We 
then  asked  Dick  Grote,  presi¬ 
dent  of  Grote  Consulting,  a 
management  consultancy  spe¬ 
cializing  in  performance  appraisal,  to 
answer  your  questions  online.  Here’s  a 
sample  of  what  you  asked  and  what  he 
answered. 

Q:  Are  there  approaches  to  get  people  to 
face  the  reality  that  they  are  not  as  good 
as  they  think  they  are? 

A:  Remember  this:  It’s  your  opinion  that 
counts,  not  theirs.  You’re  the  boss.  The 
purpose  of  the  conversation  about  their 
performance  (or  lack  of  it)  is  not  to  get 
their  agreement.  They’ll  never  agree. 

The  purpose  is  to  get  their  understand¬ 
ing.  The  best  way  is  to  state  your  opin¬ 
ion  bluntly:  “I’ve  got  some  bad  news  for 
you,  Sam.  I’ve  been  reviewing  your  per¬ 
formance  and,  quite  frankly,  it  isn’t  very 
good.  Let’s  talk  about  what  you  need  to 
do  if  you  want  to  keep  your  job.”  That’s 
a  perfect  opening. 

Q:  In  our  office,  the  slacker  is  the  boss’s 
friend.  How  can  I  address  this? 

A:  Make  it  in  your  boss’s  best  interest  to 
support  your  style  of  management. 
Describe  to  the  boss  how  the  individ¬ 
ual’s  monkey  business  is  making  the 
boss  look  bad.  Then  offer  your  solu¬ 
tion,  maybe  a  discussion  with  you  and 
your  boss  confronting  the  individual,  or 
your  boss’s  agreement  to  back  you  up 
when  you  lower  the  boom.  But  what- 


Get  More  Fixes 


Dick  Grote  is  president  of  Grote  Consult¬ 
ing,  a  management  consultancy  specializ¬ 
ing  in  performance  appraisal,  and  author 
of  several  books  on  performance 
appraisal.  To  read  all  the  questions  and 
answers,  go  to  www.cio.com/experts. 

cio.com 


ever  it  may  be,  make  sure  to  get 
your  boss  in  your  corner. 

Q:  Management  thinks  that  in 
the  best  interest  of  the  team,  all 
members— in  spite  of  their 
performance  levels— should  get 
equal  opportunities.  But  as  a 
worker,  lack  of  managerial 
recognition  kills  my  morale. 

A:  What  you’ve  described  is  one  of  the 
primary  manifestations  of  managerial 
cowardice — the  belief  that  a  manager 
should  treat  everyone  the  same.  Those 
who  benefit  from  this  treatment  are  the 
weeds  of  the  organization’s  garden,  and 
when  they  discover  that  their  manager 
isn’t  going  to  do  any  more  for  the  best 
performers  than  for  his  worst,  they  get 
on  the  phone  and  call  all  their  weedy 
little  friends  to  come  down  to  the 
employment  office.  The  primary  job  of 
management  is  to  discriminate.  Not 
based  on  race  or  age  or  sex,  but  on 
performance.  Good  managers  play 
favorites — they  heap  rewards  on  those 
who  get  the  job  done. 

Q:  Within  a  forced-ranking  system,  how 
do  you  compare  contributions  of  a  DBA, 
developer  and  network  administrator? 
Their  roles  are  different,  but  they  must 
be  treated  as  IT  employees  when  it 
comes  to  ranking. 

A:  Make  sure  that  the  criteria  you’ve 
chosen  for  your  forced-ranking  system 
cover  more  than  just  how  well  they  do 
the  various  tasks  listed  in  their  job 
descriptions.  Is  teamwork  important  to 
your  company?  Make  sure  you  use  that 
as  a  criterion.  Is  having  a  positive 
attitude  a  competency  you  value?  Put 
that  among  your  forced-ranking 
criteria.  Too  often,  organizations  put 
up  with  insolence  and  attitude  because 
the  person  has  terrific  technical  skills. 
Forced-ranking  systems  can  help  you 
spot  and  remove  those  who  cover  their 
technical  tracks  but  make  life  miserable 
for  those  around  them. 


3  6  CIO  MARCH  1,  2004 


www.cio.com 


MAKE  LINUX 

faqtfr 

MAKE  SOLARIS 

paste  r 

MAKE  YOUR  BUSINE 

FASTER. 


,  I 
wife 


. 


Introducing  AMD  Opteron  Servians 


for 


Sun  Fire™  V20z  servers  feature  screaming  AMD  Opteron  proa 
Solaris  Operating  System  up  to  45%  faster  than  comparable 

Add  the  Sun  Java™  Enterprise  System  ~  Sun’s  entire  infrastrucfL 
Sun  Storage  and  Services  to  experience  the  full  Sun  systems  ad 
extreme  performance  at  compelling  prices. 


^powering 
p^temsV. ; ' 

portfolio  of  i 


T<m£r «w»  ,.«»» . .»*»  Jg»'J 


L^<ZST$^tfsS5G£^ 


I#1"* 


•r* 


L 


pjff T  FOR  SUN  AND  AMD  OPTERON  AT 

SUN.C0M/V20Z 

%  I  800.SUN.0404* 


%  . 


*%>Sun 

microsystems 

The  Network  is  the  Computer 

?xissk~m 


1.  BASED  ON  TESTS  WITH  AMD  S  OPTERON  VS.  3.2  GHZ  XEON  RUNNING  LINUX,  AMD  OPTERON  RAN  45%  FASTER  ON  SPECWEB  99SSL  -  BASED  ON  PUBLISHED  DATA  FROM  WWW.SPEC.ORG  1/22/04.  FOR  SOLARIS,  OS 
MICROBENCHMARKS  PERFORMED  AN  AVERAGE  42%  FASTER  ON  AN  AMD  OPTERON  PROCESSOR  MODEL  246  (2.0  GHZ)  BASED  SYSTEM  COMPARED  TO  A  3.2  GHZ  XEON  SYSTEM.  2.  PRICING  IS  U.S.  LIST  PRICE.  ALL  PRICES 
QUOTED  ARE  IN  U.S.  DOLLARS.  *  TOLL-FREE  NUMBER  AVAILABLE  IN  THE  UNITED  STATES,  CANADA  AND  INTERNATIONAL  AMERICAS  ONLY. 

©2004  SUN  MICROSYSTEMS,  INC.  ALL  RIGHTS  RESERVED.  SUN,  SUN  MICROSYSTEMS,  THE  SUN  LOGO,  SOLARIS,  THE  SOLARIS  LOGO,  JAVA,  THE  JAVA  LOGO,  AND  “THE  NETWORK  IS  THE  COMPUTER”  TAGLINE  ARE 
TRADEMARKS  OR  REGISTERED  TRADEMARKS  FOR  SUN  MICROSYSTEMS,  INC.  IN  THE  UNITED  STATES  AND  OTHER  COUNTRIES.  AMD,  THE  AMD  ARROW  LOGO,  AMD  OPTERON  AND  COMBINATIONS  THEREOF,  ARE 
TRADEMARKS  FOR  ADVANCED  MICRO  DEVICES,  INC. 


Small  Medium  Business 

Reliable  solutions  built 
around  your  business. 

No  matter  what  business  you've  built. 


For  IT  solutions  you  can  count  on,  you  can  count  on  Dell.  From  PowerEdge™  servers  featuring  Intel®  Xeorf 
processors  to  network  support  products  like  PowerVault™  storage  and  PowerConnecf  switches,  Dell  offers 
flexible,  high-performance  industry-standard  technologies  and  software  solutions  that  are  just  right  for  your 
particular  business  needs.  And  we'll  help  you  every  step  along  the  way.  Whether  it's  planning  and  design,  testing 
and  validation,  systems  management,  or  our  award-winning  24x7  service  and  support,  Dell  will  help  you  create 
a  customized  IT  infrastructure  that's  easy  to  choose,  deploy  and  manage.  So  make  life  easy  on  yourself  and  get 
a  big  advantage  over  your  competition  -  with  a  reliable  IT  solution  from  Dell. 


PC  Magazine  Editors'  Choice  Award 

PowerEdge  1750 
-  October  28, 2003 


Call:  M-F  7a-8p  Sat  8a-5p,  CT 

Pricing,  specifications,  availability  and  terms  of  offer  may  change  without  notice.  Taxes  and  shipping  charges  extra,  and  vary  and  not  subject  to  discounts.  U.S.  Dell  Small  Business  new  purchases  only.  Dell  cannot  be  held  responsible  for  errors  in  typography  or 
photography.  'This  device  has  not  been  approved  by  the  Federal  Communications  Commission  for  use  in  a  residential  environment.  This  device  is  not,  and  may  not  be,  offered  for  sale  or  lease,  or  sold  or  leased  for  use  in  a  residential  environment  until  the  approval 
of  the  FCC  has  been  obtained.  Service  may  be  provided  by  third  party.  Technician  will  be  dispatched  following  phone-based  troubleshooting.  Subject  to  parts  availability,  geographical  restrictions  and  terms  of  service  contract.  Service  timing 
dependent  upon  time  of  day  call  placed  to  Dell.  U.S.  only.  'DDR  333  memory  runs  at  320MHz  when  used  with  800MHz  FSB  processors.  'Monthly  payment  based  on  pre-rebate  price  for  48-month  60  Days  Same-as-Cash  QuickLoan  with  46  payments  at  9.99%  i 
merest  rate.  Your  interest  rate  and  monthly  payment  may  be  same  or  higher,  depending  on  your  creditworthiness.  If  you  do  not  pay  the  balance  within  60  days  of  the  QuickLoan  Commencement  Date  (which  is  five  days  after  product  ships),  interest  will  accrue 
during  those  first  60  days  and  a  documentation  fee  may  apply.  OFFER  VARIES  BY  CREDITWORTHINESS  OF  CUSTOMER  AS  DETERMINED  BY  LENDER.  Minimum  transaction  size  of  S500  required.  Maximum  aggregate  financed  amount  for  the  paperless 


File&Print  Servers 
starting  at  $399 

Affordable  servers  that  make 
managing  your  network  easy. 

POWEREDGE™  400SC  SERVER 

POWEREDGE™  650*  RACK  SERVER 

Small  Business  Value  Server 

•  Intel®  Pentium®  4  Processor  at  2.26GHz 

•  Upgradable  to  Intel®  Pentium®  4  Processor  at  3.20GHz 
with  800MHz  Front  Side  Bus3' 

•  256MB  400MHz  ECC  DDR  SDRAM  (Up  to  4GB) 

•  40GB  (7200  RPM)  IDE  Hard  Drive 

•  Upgradable  to  240GB  of  Internal  Hard  Drive  Storage 

•  Embedded  Intel®  PRO  Gigabit50  NIC 

•  1-Yr  24x7  Dedicated  Server  Phone  Tech  Support 

•  1-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

1U  Value  Rack  Server 

•  Intel®  Pentium®  4  Processor  at  2.60GHz 

•  Upgradable  to  Intel®  Pentium®  4  Processor  at  3.06GHz 

•  512MB  266MHz  ECC  DDR  SDRAM 

•  Upgradable  to  4GB  of  ECC  DDR  SDRAM 

•  40GB  (7200  RPM)  IDE  Hard  Drive 

•  Upgradable  to  240GB  of  Internal  Hard  Drive  Storage 

•  ATA100  IDE  RAID  Controller  Available 

•  Intel®  PRO  Gigabit50  NIC 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

VI  ffc  as  low  as  $18/mo.,  (46  pmts?0) 

E-VALUE  Code:  20668- S20206g 

as  low  as  $37/mo.,  (46  pmts.30) 

|qj(J  E-VALUE  Code:  20668-S20213g 

Database&Web  Hosting  Servers 
starting  at  $1699 

Flexible  server  solutions  to 
manage  diverse  networks. 

POWEREDGE™  2600  TOWER  SERVER 


Multi-Use  Tower  Server 

•  Intel®  Xeon”  Processor  at  2.40GHz 

•  Dual  Intel®  Xeon"  Processor  Capable  (Up  to  3.20GHz) 

•  512MB  266MHz  ECC  DDR  SDRAM 

•  Upgradable  to  12GB  of  ECC  DDR  SDRAM 

•  Dual  18GB  (15K  RPM)  Ultra320  SCSI  Hot-Swap  Hard  Drives 

•  RAID  1  Included 

•  Active  ID  Bezel  for  Monitoring  System  Health 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

as  low  as  $63/mo.,  (46  pmts?0) 

OH «  E  VALUE  Code:  20668-S20223g 


POWEREDGE™  1750*  RACK  SERVER 


Feature-Rich  1U  Rack  Server 

•  Intel®  Xeon”  Processor  at  2.40GHz 

•  Dual  Intel®  Xeon"  Processor  Capable  (Up  to  3.20GHz) 

•  1GB  266MHz  ECC  DDR  SDRAM 

•  Upgradable  to  8GB  of  ECC  DDR  SDRAM 

•  3x1 8GB  (15K  RPM)  Ultra320  SCSI  Hot-Swap  Hard  Drives 

•  RAID  5  Included 

•  Active  ID  Front  Bezel  for  Monitoring  System  Health 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

as  low  as  $73/mo„  (46  pmts?0) 

E-VALUE  Code:  20668-S20226g 


Services 

Purchase 


Dell  offers  a  wide  range  of  reliable,  award-winning 
technology,  all  delivered  from  a  single  point  of  contact  - 
and  our  expert  sales  associates  are  there  to  help  you  find 
the  technology  that's  right  for  your  business. 


Installation-Starting  at  $279 


Once  you've  selected  the  right  technology,  Dell 
can  help  you  get  it  up  and  running  quickly  and 
cost-effectively  with  our  custom  on-site  installation 
and  configuration  services. 


Training&Certification— Starting  at  SlOO/person 


After  installation,  Dell  can  help  turn  your  employees  or  IT 
staff  into  experts  on  your  new  technology  through  a 
variety  of  training  and  certification  courses  -  helping 
increase  your  business'  long-term  productivity. 


Service&Support 


The  support  doesn’t  end  at  the  sale.  Dell's  award-winning 
service  and  support  offerings  help  ensure  that  your  new 
network  remains  up  and  running  -  with  Web,  phone  or 
on-site  service3  and  support. 


4-Way  Servers  Network  Storage  Options  Network  Switches 

Build  a  powerful,  protected  network.  Starting  at  $199  starting  at  $79 


POWEREDGE'  6600*  TOWER  SERVER 


High-Speed  Mission  Critical  Tower  Server 

•  Intel®  Xeon"  Processor  at  1 ,50GHz 

•  Quad  Intel®  Xeon"  Processor  Capable  (Up  to  2.80GHz) 

•  512MB  ECC  DDR  SDRAM 

•  Up  to  32GB  266MHz  ECC  DDR  SDRAM 

•  Up  to  1752GB  Maximum  Internal  HDD  Storage 

•  Embedded  Ultra  SCSI  Adaptec®  (160MB/s)  Controller 

•  Standard  Hot-Swap  Hard  Drives,  Hot-Swap  Redundant 
Fans  and  Hot-Swap  Redundant  Power  Supplies 

•  10  Hot-Plug  PCI-X  Slots 

•  3-Yr  Next  Business  Day  On-Site  Service3 

starting  at 

as  low  as  $107/mo„  (46  pmts.30) 

E-VALUE  Code:  20668- S20239g 


POWERVAULT™  725N  NAS 


Optimized  File  Storage  Across  the  LAN 

•  Intel®  Celeron®  Processor  at  2GHz 

•  Microsoft®  Windows®  Powered  Network  Attached  Storage 

•  384MB  DDR  SDRAM  (Up  to  3GB) 

•  4x40GB  (160GB)  IDE  Hard  Drives 

•  Up  to  1  Terabyte  of  Internal  Storage  Capacity 

as  l°w  as  $49/mo.,  (46  pmts30) 

/  WmJ  E-VALUE  Code: 20668- S20217g 


DELL/EMC 


If  you  have  more  than  300GB  of  storage,  visit 

www.dell.com/storage4mybiz  for  low  prices  on 
Dell/EMC  storage  arrays. 


POWERCONNECT™  3324*  SWITCH 


High-Performance  Workgroup  Switch 

•  24  Fast  Ethernet  Ports  plus  2  Gigabit  Uplinks  (2  Copper 
and  2  SFP  Transceiver  Combo  Slots  for  Fiber) 

•  Stacking  Functionality  of  Up  to  192  Ports 

•  Advanced  Network  Management  and  Security  Features 

•  Industry  Standard  CLI  and  Easy-to-Use  Web  Interface 

•  3-Yr  Next  Business  Day  Advanced  Exchange 
Service53  Standard 

$  A  A  Q  as  'ow  as  $12/mo„  (46  pmts30) 

E-VALUE  Code:  20668- S10204 


Solutions  that  fit.  Easy  as 


D0LL 


Click  www.dell.com/bizsolutions  Call  1-800-757-8429 


acceptance  not  to  exceed  $25,000.  If  your  order  exceeds  $25K,  a  Dell  Financial  Services  rep  will  contact  you  to  process  your  documentation.  Taxes,  fees  and  shipping  charges  are  extra  and  may  vary.  Not  valid  on  past  orders  or 
financing.  QuickLoan  arranged  by  CIT  Bank  to  Small  Business  customers  with  approved  credit.  ’"This  term  indicates  compliance  with  IEEE  standard  802.3ab  for  Gigabit  Ethernet,  and  does  not  connote  actual  operating  speed  of  1  GB/sec. 
For  high-speed  transmission,  connection  to  a  Gigabit  Ethernet  server  and  network  infrastructure  is  required.  “Technician,  replacement  part  or  unit  (depending  on  service  contract)  will  be  dispatched,  if  necessary,  following  phone-based 
troubleshooting  in  advance  of  receipt  of  returned  defective  unit.  Service  may  be  provided  by  third-party  provider.  Subject  to  parts  availability,  geographical  restrictions  and  terms  of  service  contract.  Service  timing  dependent  upon  time 
of  day  call  placed  to  Dell.  Defective  unit  must  be  returned.  Replacements  may  be  refurbished.  U  S.  only.  Dell,  the  stylized  E  logo,  E-Value,  PowerEdge,  PowerConnect  and  PowerVault  are  trademarks  of  Dell  Inc.  Intel,  Intel  Inside,  the 
Intel  Inside  logo,  Intel  Xeon,  the  Intel  Xeon  logo,  Pentium  and  Celeron  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©2004  Dell  Inc.  All  rights  reserved. 


GO 

Online  For 
Latest  Prices 
and  Weekly 
^  Promotions ) 


Reality  Bytes 

A  Cold  Look  at  Hot  Trends 


Wall  of 
No  Sound 

The  recording  industry  is  trying  to  stop  people 
from  listening  to,  talking  about  and  sharing  music. 

Yeah.  That  makes  a  lot  of  sense. 

BY  JULIE  HANSON 

I  AM  A  CRIMINAL.  At  least,  according  to  the  Recording  Industry 
Association  of  America  (RIAA)  I  am. 

This  is  how  it  happened. 

A  friend  told  me  to  check  out  a  fairly  new  group,  My  Morn¬ 
ing  Jacket,  a  country-rock  band  that  sounds  a  bit  like  the  All- 
man  Brothers.  But  before  I  plunked  down  15  bucks  to  buy  the 
group’s  CD,  I  wanted  to  hear  the  songs,  and  My  Morning 
Jacket  is  not  a  band  that’s  being  promoted  by  a  big  record 
label.  They’re  not  on  MTV;  they’re  not  in  heavy  rotation  on  the 
radio.  So  the  only  way  to  hear  them  is  to  go  online. 

Using  P2P  technology,  I  downloaded  a  few  songs  off  their 
new  album.  It  was  pretty  easy.  First,  I  logged  on  to  the  music 
file-sharing  website  Kazaa.  Soon  enough,  the  network  found 
tracks  from  the  band’s  new  album,  It  Still  Moves ,  opening  a 
gateway  between  my  hard  drive  and  a  hard  drive  somewhere 
storing  the  new  tracks.  Within  minutes,  I  was  downloading. 

The  recording  industry  calls  this  theft. 

Well,  maybe  it  is.  But  because  I  was  able  to  hear  My  Morn¬ 
ing  Jacket,  I  ended  up  buying  a  $12  ticket  to  its  show  when  the 
band  came  through  town.  And  I  convinced  three  people  to 


come  with  me.  I  also  gave  the  tracks  to  other  friends.  Next 
time  the  band  comes  around,  they’ll  go  to  the  concert. 

I  think  that’s  good  for  the  music  business. 

The  RIAA  doesn’t  agree. 

Stop,  in  the  Name  of  Profits 

The  recording  industry  blames  people  like  me  for  a 
14  percent  decline  in  its  revenue  since  1999.  It’s  so  torqued  off 
about  all  this  that  it’s  filed  more  than  900  lawsuits  since  last 
September.  Included  in  those  suits,  Brianna  LaHara,  a  12-year- 
old  living  in  public  housing,  settled  a  lawsuit  with  the  RIAA  for 
$2,000  after  admitting  copyright  infringement. 

The  RIAA  has  Web  crawlers  searching  the  Internet  24/7  for 
thieves  like  me  and  LaHara.  Using  the  Digital  Millennium 
Copyright  Act,  the  RIAA  subpoenaed  ISP  Verizon,  demand¬ 
ing  that  it  provide  user  contact  information.  My  contact  infor- 


4  0  CIO  MARCH  1,  2004 


www.cio.com 


ILLUSTRATION  BY  DAN  PAGE 


Microsoft 


The  meeting  has  been  changed.  We  think 
you’ll  like  this  location  much  better. 


or  3,000  miles  apart,  now  you  can  collaborate  as  if  you’re  all  at  the  same  table, 
to  Microsoft®  Office  Live  Meeting.  The  new  service  that  lets  you  meet  with  groups  of  2  up  to 
thout  leaving  your  desk.  With  just  a  phone,  a  PC  and  an  Internet  connection  you  can  hold  quick, 
iptu  staff  meetings,  discuss  trends  with  fellow  IT  professionals,  even  roll  out  new  technology 
tives  enterprise-wide.  All  in  real  time. 

Plus,  it’s  a  hosted  service  so  there  are  no  costly  infrastructure  changes  or  headaches  for  your  IT  department. 
It’s  a  big  part  of  what  makes  the  new  Microsoft  Office  System  so  different.  See  for  yourself.  You’ll  save  time, 
save  money  and  maybe  even  earn  yourself  the  title  of  office  superhero. 


■ 


Try  it  today.  Get  30  days  of  service,  on  us.  Visit  www.microsoft.com/liveonline 


start  meeting 


Simply  log  in  and  dial  in  and 
collaborate  like  never  before 


■ 


Can  support  multiple  presenters  and  concurrent 
meetings  with  up  to  2,500  participants  per  session 


9  layers  of  security,  SSL  service 
and  128-bit  encryption 


Microsoft  Office 


n  * 

□□Live  Meeting 


A  PlaceWare  Service 


Reality  Bytes 


mation.  The  RIAA  lost  that  suit  last  December  when  the  U.S. 
Court  of  Appeals  for  the  District  of  Columbia  struck  down  a 
lower-court  ruling  that  forced  ISPs  to  reveal  the  identity  of  any 
Internet  subscriber  accused  of  music  piracy.  But  that  loss  hasn’t 
discouraged  the  RIAA,  which  says  the  remedies  it’s  seeking  in 
the  courts  are  necessary  to  preserve  its  business  model. 

Nice  model.  How’s  it  working  out  for  them? 

By  their  own  admission,  not  very  well. 

Meanwhile,  the  artists  are  saying  we’re  taking  money  out  of 
their  pockets.  Something  tells  me  Britney  will  be  OK. 

As  the  recording  industry  attempts  to  fight  us  with  litiga¬ 
tion  and  legislation,  technologies  that  facilitate  our  activities 
continue  to  flood  the  market — from  Apple’s  iPod  to  sites  like 
Kazaa,  which  still  exists  despite  these  lawsuits. 


The  RIAA  says  the  remedies  it’s  seeking  in  the 
courts  are  necessary  to  preserve  its  business 
model.  Nice  model.  How’s  it  working  out  for 
them?  By  their  own  admission,  not  very  well. 


The  history  of  what  happens  when  special  interests  try  to 
halt  social  trends  through  legislation  and  prosecution  is  not 
good.  The  1 8th  Amendment,  for  example,  didn’t  do  much  to 
stop  people  from  drinking,  but  it  did  give  organized  crime  a  ter¬ 
rific  foothold  in  American  society,  one  it  still  enjoys  today. 

Set  Me  Free  Why  Don’t  Ya,  Babe? 

No  matter  how  many  12-year-olds  the  RIAA  sues,  people  are 
going  to  download  free  music.  And  whether  litigation  will 
reduce  downloading  remains  to  be  seen.  Shortly  after  the  RIAA 
began  suing,  illegal  downloading  did  slow  (by  almost  60  per¬ 
cent,  according  to  research  firm  Music  Forecasting).  But  recent 
reports  now  show  an  upswing.  According  to  The  NDP  Group, 
a  marketing  research  firm,  the  number  of  households  down¬ 
loading  music  files  rose  14  percent  last  fall. 

I  look  at  it  like  this:  Let  me  listen  to  new  music;  if  I  like  what 
I  hear,  I  will  support  the  band  and  spread  the  word.  According 
to  Music  Forecasting,  40  percent  of  consumers  who  download 
from  the  Internet  do  so  to  aid  their  purchasing  decisions. 

If  the  RIAA  were  to  work  with  some  of  these  online  sites, 
guarantee  me  a  good  selection  along  with  easy,  secure  down¬ 
loads,  I  just  might  be  willing  to  pay  a  small  fee  for  access.  If  the 
recording  industry  supported  one  platform,  people  would  have 
greater  access  to  their  catalogs. 

There’s  some  promise  in  new  pay-per-song  sites;  however, 
they’re  not  sponsored  by  the  music  industry  but  by  software 


companies.  Apple’s  iTunes  boasts  more  than  500,000  songs  at 
a  cost  of  99  cents  each,  but  Kazaa  has  twice  as  many — and 
they’re  free.  Plus,  I  have  Windows  98,  and  iTunes  needs  at  least 
Windows  2000  to  function,  so  it’s  a  service  I  can’t  even  use. 
Kazaa  works  fine  on  Windows  98  and  even  Windows  95. 

Turn  and  Face  the  Change 

In  addition  to  working  for  CIO,  I  work  in  a  record  store.  I 
also  write  music  reviews  for  a  local  newspaper.  I  know  what 
music  is  out  there.  The  vast  majority  of  the  public  does  not.  All 
they  know  is  what  the  record  industry  is  paying  through  the 
nose  to  market  on  television  and  radio.  But  if  the  industry 
embraced  P2P  technology,  it  could  expand  and  diversify  its 
audience  at  minimal  cost.  Instead  of  spending  money  on 
lawyers,  why  not  spend  it  on  new  technology? 

GartnerG2  Research  Director  of  Media 
Mike  McGuire  agrees.  “The  RIAA  is  trying  to 
put  the  technology  genie  back  in  the  bottle,”  he 
says.  “People  like  to  share  music.  When  the 
industry  sees  this  as  a  benefit  and  a  tool  rather 
than  an  obnoxious  side  effect  of  P2P,  that’s 
when  we  make  the  breakthrough.” 

As  a  mass-market  entity,  the  recording 
industry  shouldn’t  be  turning  people  off,  says 
John  Perry  Barlow,  cofounder  of  the  Electronic  Frontier  Foun¬ 
dation,  a  group  working  to  protect  civil  liberties  relating  to 
technology,  and  a  former  lyricist  for  the  Grateful  Dead. 
“They’re  standing  in  the  way  of  a  more  diverse  market  being 
developed,”  he  says.  “They  own  the  traditional  distributing 
systems  but  are  blocking  new  distributing  systems.” 

The  Grateful  Dead  is  a  prime  example  of  a  band  that  found 
success  by  bucking  the  rules.  Not  only  did  the  Dead  allow 
concertgoers  to  plug  right  into  their  sound  system,  record  and 
then  trade  live  shows,  they  encouraged  it. 

On  the  surface,  this  made  no  sense.  The  band  was  compet¬ 
ing  with  its  own  record  sales.  But  what  it  was  actually  doing 
was  building  a  fan  base  that  continuously  recruited  new  fans. 
The  result  was  a  band  that  became  a  consistent  seller  for  its 
record  company  and  provided  a  good  living  for  its  members. 

The  fact  that  I  downloaded  a  few  tracks  from  My  Morning 
Jacket’s  newest  album,  sold  a  few  concert  tickets  that  might 
otherwise  not  have  been  sold  and  created  a  few  new  fans  are 
facts  the  RIAA  should  figure  out  how  to  leverage,  not  prevent. 

After  all,  I’m  not  a  criminal.  I’m  a  fan  and  perhaps,  if  han¬ 
dled  with  care,  an  unpaid  marketer. 

I’m  the  person  the  RIAA  should  be  catering 
to,  not  suing.  SE1 

Editorial  Operations  Specialist  Julie  Hanson  can  be 
reached  (but  not  by  the  RIAA)  at  jhanson@cio.com. 


4  2 


CIO  MARCH  1,  2004 


www.cio.com 


PHOTO  BY  ALBERTO  CAP0UN0 


. 


Stop  focusing 


i  want  to 


what’s  attacking  my  servers 


and  Start  focusing  on  attacking  new  markets 


Start  expanding  securely  with  Intrusion  Prevention  Solutions  from  McAfee  Security. 

By  combining  System  Protection  and  Network  Protection  Solutions,  the  McAfee®  Security  Protection-in-DepthT  strategy  secures 
your  business  from  the  desktop,  to  the  network,  to  the  server— the  mission-critical  heart  of  your  IT  infrastructure.  Add  our  Intrusion 
tevention  technologies  and  you  can  start  preventing  known  and  unknown  threats  rather  than  merely  detecting  them.  Which 
means  you  can  think  a  little  less  about  security,  and  more  about  securing  new  markets.  Start  today  at  start.mcafeesecurity.com 

Because  security  is  not  just  about  what  you  can  stop. 


Network  Associates 


) 

■ 

i 

\f  l 

■  ! 

1 

Jack  Keen  I  Real  Value 

Practical  Counsel  for  Capturing  IT  Value 


Avoiding  the 

TCO  Trap 


Using  the  total  cost  of  ownership  metric  is  a 
good  way  to  measure  costs  but  a  bad  way  to 
analyze  the  full  business  value  of  IT  investments 


GREAT  CONTRIBUTIONS  to  civilization  inevitably  bring  great  capacity 
for  misuse.  The  highly  popular  management  concept  of  TCO, 
or  total  cost  of  ownership,  is  no  exception.  TCO  is  a  good 
way  to  measure  systems  costs — but  not  overall  business  value. 
Unfortunately,  too  many  shops  willingly  allow  TCO  to  sub¬ 
stitute  for  a  solid  business  value  analysis  as  input  into  IT  invest¬ 
ment  prioritization  decisions.  Any  chance  your  shop  is 
unintentionally  throwing  these  decision-making  curveballs? 
Let’s  take  a  closer  look  at  the  real  nature  of  TCO  and  the  role 
it  should  play  in  IT  selection  decisions. 

On  the  surface,  total  cost  of  ownership  is  a  great  analysis 
tool,  a  relatively  straightforward  and  easy  way  to  understand 
and  approach  getting  a  better  handle  on  the  true  IT  costs  of 
competing  IT  investments.  But  beneath  TCO’s  veneer  of  finan¬ 
cial  respectability  lies  a  process  that  is  easily  abused.  Not 
because  the  concept  of  TCO  is  fundamentally  flawed.  The 
problem  is  that  TCO  has  become  so  popular  that  its  cost- 
oriented  analysis  is  becoming  a  substitute  for  the  more  rele¬ 
vant  (but  more  analytically  challenging)  full  value  analysis.  The 
latter  concept  is  crucial  if  proposed  technology  investments  are 


to  be  correctly  assessed  and  prioritized. 

TCO  is  just  one  slice  of  the  value  pie  because  TCO  addresses 
only  one  of  several  building  blocks  that  make  up  what  I  call  Full 
Business  Value  (FBV).  Full  Business  Value,  essentially  the  entire 
worth  inherent  in  a  business  investment,  has  four  components: 
systems  efficiency,  systems  effectiveness,  business  efficiency  and 
business  effectiveness.  TCO’s  focus,  as  practiced  by  most  peo¬ 
ple  today,  is  primarily  one  of  systems  efficiency.  That  means 
TCO  is  only  one-fourth  of  the  complete  value  story. 

TCO  has  become  popular  because  it  cleverly  flushes  out 
valid  IT-related  costs  that  have  been  overlooked  for  decades. 
For  example,  according  to  Gartner,  the  lifetime  cost  of  a  PC  can 
be  more  than  five  times  its  acquisition  cost.  This  eye-opening 
assertion  is  based  on  a  thorough  consideration  of  the  complete 
cost  of  not  only  obtaining  the  PC  but  operating,  supporting 
and  maintaining  it  during  its  lifetime.  As  this  important  concept 


44  CIO  MARCH  1,  2004 


www.cio.com 


ILLUSTRATION  BY  BRIAN  STAUFFER 


A  NETWORK  OUTAGE  THREATENS 
TO  SHUT  DOWN  GLOBAL  DISTRIBUTION 


STAFF  HAS  2  HOURS  TO  FIND 
<  THE  PROBLEM. 


wthcrm 


CAN  YOUR  SOFTWARE  KEEP  BUSINESS  FROM  DISAPPEARING? 


Business  Service  Management  solutions  from 
BMC  Software®  can.  In  fact,  they  let  you  predict 
critical  performance  problems  and  resolve  them 
before  they  ever  impact  your  business.  And  you 
can  prioritize  IT  management,  investments  and 
resource  allocations  to  optimize  your  business 
performance.  So  you  can  solidly  align  your  IT 
investments  with  strategic  business  goals. 


And  protect  the  delivery  of  vital  business  services 
like  sales,  customer  service,  online  transactions, 
logistics  and  distribution — whatever  is  most 
critical  to  your  company's  success.  It's  enterprise 
management  software  that  works  with  your  existing 
IT  resources  to  let  you  manage  what  matters  from 
a  business  perspective  and  execute  with  precision. 
Find  out  how  at  www.bmc.com/bsm46 


©  2004  BMC  Software  Inc. 


<bmcsoftware 


Jack  Keen  I  Real  Value 


took  hold,  project  sponsors  and  business  case  creators  who 
used  TCO  to  assess  lifecycle  costs  were  heaped  with  praise. 
Finance  directors,  especially,  were  pleased  that  TCO  identified 
these  outlays,  in  clear  and  easily  measurable  terms.  TCO 
momentum  grew  as  commentators  sacrificed  acres  of  trees, 
tons  of  ink  and  billions  of  pixels  supporting  TCO’s  seductive 
appeal.  Rather  than  accepting  the  challenge  of  assessing  harder- 
to-measure  and  more  controversial  types  of  benefits — such  as 
higher  quality  processes,  faster  time-to-market,  more  satisfied 
customers  and  happier  employees — many  finance  and  IT  man¬ 
agers  locked  into  a  tight  TCO  embrace  and  began  to  apply 
TCO  as  the  complete  justification  for  IT  investments. 

But  here’s  an  example  of  how  TCO  can  uncover  important 
benefits  yet  fall  short  in  describing  total  value.  Suppose  we  feel 
compelled  to  justify  a  server  and  network  upgrade,  in  the  face 


By  using  Full  Business  Value — not  just  TCO — to  justify  IT 
investments,  you  may  not  only  uncover  additional  benefits  that 
make  the  business  case,  but  you  may  also  boost  IT’s  enterprise 
credibility  by  showing  the  non-IT  executives  that  IT  fully  under¬ 
stands  the  scope  of  the  company’s  operations. 

If  you  suspect  that  TCO  may  be  misused  in  your  organiza¬ 
tion,  here  are  three  suggestions  that  can  help  you  get  the  value 
analysis  right. 

1  Detect.  Be  alert  to  signs  that  you  are  too  dependent  on 
TCO  for  analysis.  Warnings  include:  TCO  is  more  than 
25  percent  of  any  value  analysis  and  business  case  effort; 
TCO  talk  (rather  than  business  value  talk)  dominates  value 
analysis  discussions;  the  terms  TCO  and  ROI  are  used  inter¬ 
changeably;  revenue-side  benefits  and  intangibles  are  not  used 

in  business  case  justifications. 


The  problem  is  that  total  cost  of  ownership  has 
become  so  popular  that  its  cost-oriented  analysis 
is  becoming  a  substitute  for  the  more  relevant  (but 
more  analytically  challenging)  full  value  analysis. 


2 


of  heavy  pressure  for  IT  to  reduce — rather  than  expand — equip¬ 
ment  outlays.  Using  TCO’s  “systems  efficiency”  focus,  we  cap¬ 
ture  all  lifetime  costs  related  to  acquisition,  installation, 
operation,  support  and  maintenance  of  the  server  and  network 
upgrade  option.  Thus,  if  investment  option  A  (status  quo)  costs 
virtually  nothing  to  acquire  (it’s  already  in  place),  but  costs 
more  to  use  on  a  daily  basis  than  option  B  (upgraded  servers 
and  networks),  our  analysis  will  capture  and  quantify  these 
factors.  Similarly,  TCO  will  capture  such  items  as  cost  and  risk 
of  downtime  as  well  as  the  maintenance  and  support  costs.  So 
far,  so  good.  We  now  have  a  defensible  cost  analysis. 

But  what  is  the  total  business  value  of  our  upgrade  to  the  com¬ 
pany?  To  find  out,  we  need  to  add  three  non-TCO  components 
of  Full  Business  Value  to  our  analysis.  For  the  “systems  effective¬ 
ness”  component,  we  could  quantify  factors  such  as  the  ability  to 
bring  on  entirely  new  applications,  such  as  CRM,  because  the 
new  servers  and  networks  would  have  the  needed  functionality 
and  capacity.  For  the  “business  efficiency”  aspect  of  value,  we 
might  include  the  value  of  our  reduced  sales-force  travel  costs 
because  of  better,  faster  data  from  the  advanced  CRM  solution 
made  possible  by  an  improved  server  and  network  infrastructure. 
For  the  fourth  component,  “business  effectiveness,”  we  could 
examine  the  tangible  and  intangible  value  of  having  a  sales  force 
capable  of  introducing  more  new  products  faster,  again  because  of 
the  capabilities  of  this  advanced  CRM  system. 


Recruit.  If  you  feel  a  TCO-focus 
problem  may  exist,  search  out 
executive  peers  and  other  key 
influences  to  gain  their  support  for  an 
enterprisewide  value-culture  upgrade.  Ask 
for  their  help  in  convincing  guardians  of 
the  investment  decision-making  process 
that  while  TCO  plays  an  important  role, 
there  is  much  more  required.  Remind  those  who  hesitate  that 
visible,  defensible  and  solid  enterprise  investment  decision¬ 
making  is  a  foundation  of  good  IT  and  corporate  governance  (for 
example,  Sarbanes-Oxley),  Six  Sigma  quality  processes  and 
related  initiatives. 


3 


Embed.  Once  you  have  political  support  for  this  value 
analysis  makeover,  establish  and  embed  the  FBV  view 
within  your  company’s  IT  investment  decision-making 
processes.  Flelp  your  IT  selection  committee  insert  these  FBV 
explanations  in  their  requirements  for  business  case  input. 
Develop  business  case  templates,  complete  with  clear  documen¬ 
tation  that  visibly  request  such  input,  and  explain  how  to  find  it. 
Establish  value  analysis  training,  complete  with  lots  of  examples 
of  good  and  bad  practices.  Lastly,  publicize  early  successes  and 
look  for  ways  to  fine-tune  the  process  as  it  goes  forward. 

TCO  can  uncover  important  benefits — but  not  total  value.  As 
with  any  good  idea  that  has  the  potential  to  run  amuck,  taking  the 
time  to  use  TCO  appropriately  is  a  key  step  to  success.  Sd 


Jack  Keen  is  president  of  IT  consultancy  The  Deciding 
Factor  ( www.decidingfactor.com )  and  coauthor  of 
Making  Technology  Investments  Profitable:  ROI  Road 
Map  to  Better  Business  Cases.  He  can  be  reached  at 
jkeen@decidingfactor.com. 


4  6 


CIO  MARCH  1,  2004 


www.cio.com 


Your  company 
turns  to  you  for 
infrastructure 
security. 

Sof  where  can  you  turn? 

Security  is  a  primary  concern  for  all  of  us.  That's  why  we've  developed  an  array  of  new  tools  and  guidance,  centralized 
at  microsoft.com/security/IT.  It's  a  resource  you  can  turn  to  for  timely  news,  education,  and  tools,  all  intended  to  help 
you  better  plan  and  manage  the  security  strategy  that's  right  for  your  company. 


Take  advantage  of  the  latest  tools  and  training  at  microsoft.com/security/IT. 


Free  Security  Training 

Register  for  free  security  management  training, 
including  a  Security  Summit  in  a  city  near  you,  weekly 
security  Webcasts,  and  in-depth  e-learning  designed 
to  help  you  improve  your  security  infrastructure. 

Free  Tools  and  Updates 

Streamline  patch  management  with  free  tools 
such  as  Microsoft®  Software  Update  Services. 
Download  software  like  Microsoft  Baseline  Security 
Analyzer  to  verify  that  your  systems  are  configured 
to  maximize  security. 


Free  Emergency  Notifications 

Sign  up  to  stay  up-to-date  with  the  latest 
vulnerability  assessments,  mitigation  advice,  and 
patch  availability. 

Free  Security  Guidance  Kit 

Evaluate  detailed  guidance  and  templates, 
then  pre-order  your  free  CD-ROM  with  roadmaps 
and  how-to  guides.  Learn  how  measures  like 
automating  security  patch  installation  and 
blocking  unsafe  e-mail  attachments  can  help 
better  protect  your  organization. 


Go  to  microsoft.com/security/IT 


For  ongoing  guidance  to  help  better  plan  and  manage  your 
company's  IT  security,  go  to  microsoft.com/securitv/IT  today. 


Microsoft 


©  2004  Microsoft  Corporation.  All  rights  reserved.  Microsoft  is  a  registered  trademark  of  Microsoft  Corporation  in  the  United  States  and/or 
other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 


Cover  Story  Software  Quality 


Wl 


U.S.  CIOs  want  to  do  business  with  offshore 
companies  with  high  CMM  ratings.  But  some 
outsourcers  exaggerate  and  even  lie  about  their 
Capability  Maturity  Model  scores. 


AS  SOON  AS  SHE  WALKED  INTO  THE  MEETING,  JANE  SMITH  KNEW 

that  the  executive  on  the  other  side  of  the  desk  wanted  to  buy 
something  that  Smith  wasn’t  supposed  to  sell:  a  trumped  up 
ratingfor  the  executive's  software  development  division  so  that 
his  company  could  qualify  to  bid  on  contracts  from  the  United 


ZD 

x 


States  Department  of  Defense. 

Smith  (not  her  real  name)  is  one  of  a 
select  group  of  experienced  IT  pros,  called 
lead  appraisers,  who  go  into  companies  and 


assess  the  effectiveness  of  their  software 


Reader  ROI 

►  Why  CIOs  should  never  take 
CMM  ratings  at  face  value 

►  How  to  find  out  if  your  serv¬ 
ice  provider  really  can  lay 
claim  to  that  Level  5  rating 

►  Why  there  is  often  no  such 
thing  as  an  “enterprise  CMM 
rating” 

www.cio.com  •  MARCH  1,  2004  CIO  49 


Cover  Story  |  Software  Quality 


development  processes  on  a  scale  from  1  (utter 
chaos)  to  5  (continuously  improving)  under 
a  system  known  as  the  Capability  Maturity 
Model,  or  CMM.  The  company  she  was  vis¬ 
iting  wanted  to  move  up  to  Level  2,  but  based 
on  some  initial  discussions,  Smith  knew  that 
the  company  was  a  1 .  Level  1  describes  most 
of  the  software  development  organizations  in 
the  world:  no  standard  methods  for  writing 
software,  and  little  ability  to  predict  costs  or 
delivery  times.  Project  management  consists 
mostly  of  ordering  more  pizza  after  midnight. 

After  a  few  initial  niceties,  the  executive 
leaned  across  the  table  to  Smith  and  another 
lead  appraiser  who  had  accompanied  her  to 
the  meeting  and  asked,  “How  much  for  a 
Level  2?” 

“That’s  when  I  got  up  and  left 
the  room,”  Smith  recalls.  “The 
other  appraiser  stayed.  And  the 
company  got  its  rating.” 

The  stakes  for  a  good  CMM 
assessment  have  gotten  only 
higher  since  Smith’s  close 
encounter  with  corruption  some 
10  years  ago.  Today,  many  U.S. 
government  agencies  in  addition 
to  the  DoD  insist  that  companies 
that  bid  for  their  business  obtain 
at  least  a  CMM  Level  3  assess¬ 
ment — meaning  the  development 
organization  has  a  codified, 
repeatable  process  for  an  entire 
division  or  company.  CIOs 
increasingly  use  CMM  assess¬ 
ments  to  whittle  down  the  lists  of 
dozens  of  unfamiliar  offshore 
service  providers — especially  in 
India — wanting  their  business. 

For  CIOs,  the  magic  number  is  5, 
and  software  development  and 
services  companies  that  don’t 
have  it  risk  losing  billions  of  dol¬ 
lars  worth  of  business  from 
American  and  European  corpo¬ 
rations. 

“Level  5  was  once  a  differen¬ 
tiator,  but  now  it  is  a  condition  of 
getting  into  the  game,”  says  Den¬ 
nis  Callahan,  senior  vice  presi¬ 


dent  and  CIO  of  Guardian  Life  Insurance. 
“Having  said  that,  there  are  some  Level  3  or  4 
startups  that  we  might  consider,  but  they  have 
a  lot  more  convincing  to  do  before  I  would  do 
business  with  them.  They  would  be  at  a  disad¬ 
vantage.” 

With  CIOs  increasingly  dependent  on  out¬ 
side  service  providers  to  help  with  software 
projects,  some  have  come  to  view  CMM  (and 
its  new,  more  comprehensive  successor, 
CMM  Integration,  or  CMMI)  as  the  USD  A 
seal  of  approval  for  software  providers.  Yet 
CIOs  who  buy  the  services  of  a  provider 
claiming  that  seal  without  doing  their  own 
due  diligence  could  be  making  a  multimillion- 
dollar,  career-threatening  mistake. 

That’s  because  software  providers  routinely 


exaggerate  their  assessments,  leading  CIOs  to 
believe  that  the  entire  company  has  been 
assessed  at  a  certain  level  when  only  a  small 
slice  of  the  company  was  examined.  And  once 
providers  have  been  assessed  at  a  certain  level, 
there  is  no  requirement  that  they  test  them¬ 
selves  ever  again — even  if  they  change  dra¬ 
matically  or  grow  much  bigger  than  they  were 
when  they  were  first  assessed.  They  can  con¬ 
tinue  to  claim  their  CMM  level  forever. 

Worse,  some  simply  lie  and  say  they  have  a 
CMM  assessment  when  they  don’t.  And 
appraisers  say  they  occasionally  hear  about 
colleagues  who  have  had  their  licenses  revoked 
because  of  poor  performance  or  outright 
cheating  in  making  assessments. 

Yet  CIOs  who  want  to  check  up  on  CMM 
rating  claims  are  out  of  luck. 
There  is  no  organization  that  ver¬ 
ifies  such  claims.  Furthermore, 
the  Software  Engineering  Insti¬ 
tute  (SEI),  which  developed 
CMM  and  is  principally  funded 
by  the  DoD,  will  not  release  any 
information  about  companies 
that  have  been  assessed,  even 
though  appraisers  are  required  to 
file  records  of  their  final  assess¬ 
ments  with  the  institute. 

As  American  and  European 
companies  stampede  offshore  to 
find  companies  to  do  their  devel¬ 
opment  work,  they  first  need  to 
understand  what  CMM  ratings 
really  mean.  Yet  few  CIOs 
bother  to  ask  crucial  questions, 
say  IT  industry  analysts  and  the 
service  providers  themselves. 
“Not  even  10  percent  of  cus¬ 
tomers  ask  for  the  proof  of  our 
CMM,”  says  V.  Srinivisan,  man¬ 
aging  director  and  CEO  of  ICICI 
Infotech,  an  Indian  software 
services  provider  that  claims  a 
Level  5  certification.  “They 
inevitably  take  it  for  granted,  and 
they  don’t  ask  for  the  details.” 

CIOs  who  don’t  ask  for  the 
details  will  not  be  able  to  distin¬ 
guish  between  companies  that 


The  Five 
Levels  of 


Level 


Company  has  no  standard  process  for  software  development. 
Nor  does  it  have  a  project-tracking  system  that  enables  devel¬ 
opers  to  predict  costs  or  finish  dates  with  any  accuracy. 


Level  Two 


Company  has  installed  basic  software  management  processes 
and  controls.  But  there  Is  no  consistency  or  coordination  among 
different  groups. 


Level  Three 


Company  has  pulled  together  a  standard  set  of  processes  and 
controls  for  the  entire  organization  so  that  developers  can  move 
between  projects  more  easily  and  customers  can  begin  to  get 
consistency  from  different  groups. 


Level  Four 


In  addition  to  implementing  standard  processes,  company  has 
installed  systems  to  measure  the  quality  of  those  processes 
across  all  projects. 


Level  Five 


Company  has  accomplished  all  of  the  above  and  can  now  begin 
to  see  patterns  in  performance  over  time,  so  it  can  tweak  its 
processes  in  order  to  improve  productivity  and  reduce  defects  in 
software  development  across  the  entire  organization. 


50  CIO  MARCH  1,  2004  •  www.cio.com 


PHOTO  BY  MARK  VAN  S 


simi 


CIO  of  Guardian  Life  Insurance,  says  offshore  outsourcers  must  now 
have  a  Level  5  CMM  rating  to  get  into  the  game. 


www .c/o .com  •  MARCH  1,  2004  CIO  51 


are  using  CMM  in  the  spirit  it  was  intended — 
as  a  powerful,  complex  model  for  continuous 
internal  improvement — and  those  that  are 
simply  going  through  the  motions  to  qualify 
for  business.  Buying  by  the  CMM  number 
alone  could  mire  CIOs  in  the  same  problems 
that  caused  them  to  look  offshore  in  the  first 
place:  high  costs,  poor  quality  and  shattered 
project  timetables — not  to  mention  the  loss  of 
thousands  of  U.S.  IT  jobs. 

“When  you  talk  about  something  simple 
like  a  number  and  lots  of  money  is  involved, 
someone’s  going  to  cheat,”  says  Watts 
Humphrey,  the  man  who  led  the  development 
of  CMM  and  is  currently  a  fellow  at  the  SEI. 
“If  CIOs  don’t  know  enough  to  ask  the  right 
questions,  they  will  get  hornswoggled.  ”  (For  a 
list  of  the  best  questions  to  ask,  see  “Twelve 
Critical  Questions,”  Page  52.) 

Where  CMM  Comes  From 

The  CMM  was  a  direct  response  to 
the  Air  Force’s  frustration  with  its 
software  buying  process  in  the 
1980s.  The  Air  Force  and  other 
DoD  divisions  had  begun  farming  out  increas¬ 
ing  amounts  of  development  work  and  had 
trouble  figuring  out  which  companies  to  pick. 
Carnegie  Mellon  University  in  Pittsburgh  won 
a  bid  to  create  an  organization,  the  SEI,  to 
improve  the  vendor  vetting  process.  It  hired 
Humphrey,  IBM’s  former  software  develop¬ 
ment  chief,  to  participate  in  this  effort  in  1 9 8 6 . 

Humphrey  decided  immediately  that  the 
Air  Force  was  chasing  the  wrong  problem. 
“We  were  focused  on  identifying  competent 
people,  but  we  saw  that  all  the  projects  [the 
Air  Force]  had  were  in  trouble — it  didn’t  mat¬ 
ter  who  they  had  doing  the  work,”  he  recalls. 
“  So  we  said  let’s  focus  on  improving  the  work 
rather  than  just  the  proposals.” 

The  first  version  of  CMM  in  1987  was  a 
questionnaire  designed  to  identify  good  soft¬ 
ware  practices  within  the  companies  doing  the 
bidding.  But  the  questionnaire  format  meant 
that  companies  didn’t  have  to  be  good  at  any¬ 
thing  besides  filling  out  forms.  “It  was  easy  to 
cram  for  the  test,”  says  Jesse  Martak,  former 
head  of  a  development  group  for  the  defense 
contracting  arm  of  Westinghouse,  which  is 


now  owned  by  Northrop  Grumman.  “We 
knew  how  to  work  the  system.” 

So  the  SEI  refined  it  in  1991  to  become  a 
detailed  model  of  software  development  best 
practices  and  added  a  group  of  lead  apprais¬ 
ers,  trained  and  authorized  by  the  SEI,  to  go 
in  and  verify  that  companies  were  actually 
doing  what  they  said  they  were  doing.  The 
lead  appraisers  head  up  a  team  of  people  from 
inside  the  company  being  assessed  (usually 
three  to  seven,  depending  on  the  size  of  the 
company).  Together,  they  look  for  proof  that 
the  company  is  implementing  the  policies  and 
procedures  of  CMM  across  a  “representa¬ 
tive”  subset  (usually  10  percent  to  30  percent) 
of  the  company’s  software  projects.  The  team 
also  conducts  a  series  of  confidential  inter¬ 
views  with  project  managers  and  develop¬ 


ers — usually  during  the  course  of  one  to  three 
weeks  and,  again,  depending  on  the  size  of  the 
organization — to  verify  what’s  really  hap¬ 
pening.  It’s  a  tough  assignment  for  the  internal 
people  on  the  team  because  they  are  being 
asked  to  tattletale  on  their  colleagues. 

“It  can  be  very  stressful  for  the  [internal] 
assessment  team,”  says  a  lead  appraiser  who 
asked  to  remain  anonymous.  “They  have 
conflicting  objectives.  They  need  to  be  objec¬ 
tive,  but  the  organization  wants  to  be  assessed 
at  a  certain  level.” 

David  Constant,  a  lead  appraiser  and  part¬ 
ner  with  Process  Inc.,  a  software  projects  con¬ 
sultancy,  recalls  assessing  a  company  where  all 
the  developers  had  been  coached  by  manage¬ 
ment  on  what  to  say.  “I  had  to  stop  the  inter¬ 
views  and  demand  to  see  people  on  an  ad  hoc 


Cover  Story  |  Software  Quality 


basis,  telling  the  company  who  I  wanted  to 
speak  to  just  before  each  interview  began,” 
Constant  recalls.  “And  the  sad  part  was  that 
they  didn’t  need  to  coach  anybody.  They  would 
have  easily  gotten  the  level  they  were  looking 
for  anyway — they  were  very  good.  ” 

The  new  model  is  much  tougher  to  exploit 
than  the  original  questionnaire.  In  1991, 
Westinghouse’s  Martak  recalls  telling  his  man¬ 
agement:  “This  is  a  different  ball  game  now.  If 
you  have  a  good  lead  appraiser,  you  can’t  fake 
it  out.”  Martak  led  his  group  to  a  Level  4 
assessment  and  eventually  became  a  lead 
appraiser  himself. 

The  depth  and  wisdom  of  the  CMM  itself 
is  unquestioned  by  experts  on  software  devel¬ 
opment.  If  companies  truly  adopt  it  and  move 
up  the  ladder  of  levels,  they  will  get  better  at 
serving  their  customers  over  time,  according 
to  anecdotal  evidence.  But  a  high  CMM  level 
is  not  a  guarantee  of  quality  or  performance — 
only  process.  It  means  that  the  company  has 
created  processes  for  monitoring  and  manag¬ 
ing  software  development  that  companies 
lower  on  the  CMM  scale  do  not  have.  But  it 


does  not  necessarily  mean  those  companies 
are  using  the  processes  well. 

“Having  a  higher  maturity  level  significantly 
reduces  the  risk  over  hiring  a  [company  with  a 
lower  level],  but  it  does  not  guarantee  any¬ 
thing,”  says  Jay  Douglass,  director  of  business 
development  at  the  SEI.  “You  can  be  a  Level  5 
organization  that  produces  software  that  might 
be  garbage.” 

That  assessment  is  borne  out  by  a  recent 
survey  of  89  different  software  applications 
by  Reasoning,  an  automated  software  inspec¬ 
tion  company,  which  on  average  found  no  dif¬ 
ference  in  the  number  of  code  defects  in 
software  from  companies  that  identified 
themselves  on  one  of  the  CMM  levels  and 
those  that  did  not.  In  fact,  the  study  found  that 
Level  5  companies  on  average  had  higher 
defect  rates  than  anyone  else.  But  Reasoning 
did  see  a  difference  when  it  sent  the  code  back 
to  the  developers  for  repairs  and  then  tested  it 
again.  The  second  time  around,  the  code  from 
CMM  companies  improved,  while  the  code 
from  the  non-CMM  companies  showed  no 
improvement. 


Truth  in  Advertising 

Stories  about  false  claims  abound. 

Ron  Radice,  a  longtime  lead 
appraiser  and  former  official  with 
the  SEI,  worked  with  a  Chicago 
company  that  was  duped  in  2003  by  an  off¬ 
shore  service  provider  that  falsely  claimed  to 
have  a  CMM  rating.  “They  said  they  were 
Level  4,  but  in  fact  they  had  never  been 
assessed,”  says  Radice,  who  declined  to  name 
the  guilty  provider. 

When  done  correctly,  CMM  is  a  costly,  time- 
consuming  effort.  The  average  time  for  a  com¬ 
pany  to  move  from  Level  1  to  Level  5  is  seven 
years,  and  the  expense  of  building  a  really 
robust,  repeatable  software  development  pro¬ 
cess  with  project  and  metric  tracking  is  many 
times  the  cost  of  a  CMM  assessment  (which 
alone  costs  about  $100,000).  For  small  com¬ 
panies  short  on  funds  and  staff,  or  startups,  for¬ 
going  business  while  building  a  software  process 
capable  of  receiving  a  Level  5  assessment  may 
seem  more  risky  than  fudging  a  number — espe¬ 
cially  when  your  customers  don’t  know  enough 
to  ask  about  it.  And  mature  companies  that 


Twelve  Critical 


l*  v/i  iuvui  to  distinguish  between  the  companies  that  are 

Q  exaggerating  their  CMM  claims  and  those  that 

_ _ i? _ _ . _ 4.  LJ _ 


are  focused  on  real  improvement.  Here’s  the  list. 


1 .  WHO  WAS  THE  APPRAISER? 


How  many  Level  5  assessments 
has  he  done?  (If,  for  example,  the  appraiser  had  never  evaluated 
a  Level  5  company  before,  he  will  not  be  well  qualified  to  know 
what  a  Level  5  company  really  looks  like.) 

"Enterprise 


2 .  WHAT  PART  OF  THE  COMPANY  WAS  TESTED? 


CMM”  companies  may  have  had  10  percent  or  less  of  their  proj- 


Levels  1  through  4,  or  fewer  than  one  year  between  Levels  4 
and  5,  that  does  not  fit  with  the  average.  Check  the  company  out 
further. 


5.  WHERE  IS  YOUR  EVIDENCE  OF  CONTINUOUS  IMPROVE¬ 


MENT? 


CMM  Level  5  means  continuous  improvement— make 


ects  assessed  to  get  the  level. 


the  company  show  you  its  improvement  history. 


% 


3 .  HOW  LONG  AGO  WAS  THIS  DONE? 


If  it’s  more  than  two  years 
old,  chances  are  it  has  little  meaning  because  the  company  will 
have  changed  and,  in  the  case  of  offshore  companies,  may  have 
grown  many  times  the  size  it  was  when  assessed. 


If  it’s  fewer  than  two  years  between 


Ask  to  meet  the  quality 
organization  that  monitors  and  audits  the  process,  and  make 
sure  it  isn’t  ghettoized.  There  should  be  more  than  a  handful  of 
people,  and  they  should  have  the  power  in  the  organization  to 
change  things.  They  should  report  directly  to  the  CEO,  and  the 
company  should  link  the  quality  system  to  executive  accounta¬ 
bility  and  compensation. 


already  have  a  high  CMM  level  may  not  want 
to  risk  the  disruption,  cost  and  potential  disap¬ 
pointment  of  getting  assessed  again  regularly. 

Officials  at  the  SEI  deny  that  companies  are 
exaggerating  or  lying  about  their  CMM  claims. 

“There  is  no  one  who  will  declare  ‘We  are 
CMM  Level  3  as  an  organization,’”  says  the 
SEI’s  Douglass.  “They’ll  say  they  are  Level  3  in 
this  development  center  or  that  product  group.  ” 

Not  true.  A  quick  Nexis  search  revealed  four 
companies — Cognizant,  Patni,  Satyam  and 
Zensar — claiming  “enterprise  CMM  5,”  with 
no  explanation  of  where  the  assessments  were 
conducted  or  how  many  projects  were  assessed, 
or  by  whom.  Dozens  more  companies  trumpet 
their  CMM  levels  with  little  or  no  explanation. 

Indeed,  all  of  the  services  companies  we 
interviewed  for  this  story  claimed  that  their 
CMM  assessments  applied  across  the  company 
when  in  fact  only  10  percent  to  30  percent  of 
their  projects  were  assessed.  That’s  partly 
because  experts  say  that  assessing  every  proj¬ 
ect  at  a  big  company  would  be  too  unwieldy 
and  expensive. 

Yet  few  of  those  same  experts  support  the 


idea  that  assessing  a  10  percent  slice  of  proj¬ 
ects — even  those  considered  to  be  representa¬ 
tive  of  all  the  different  types  of  work  a  company 
does — should  lead  to  claims  of  “enterprisewide 
CMM.”  Vendors  argue  that  there  is  logic 
behind  these  claims.  The  higher  CMM  levels 
(3  and  above)  require  that  a  company  have  a 
centralized  process  for  software  development 
and  project  tracking,  among  other  things.  Since 
everyone  across  the  company  is  supposed  to 
use  that  same  process  that  was  used  in  the  proj  - 
ects  that  were  assessed  at  Level  5,  for  example, 
all  projects  across  the  company  can  be  assumed 
to  be  at  Level  5. 

But  as  soon  as  you  dig  beneath  the  surface, 
the  logic  falls  apart.  The  process  may  have 
changed  completely  since  the  assessment  was 
performed.  Indeed,  Indian  services  companies 
in  particular,  where  the  most  CMM  Level  5 
assessments  have  been  reported,  are  growing 
so  quickly — some  adding  as  many  as  50  to  60 
new  developers  a  week — that  avoiding  change 
is  nearly  impossible.  The  company  also  may 
have  changed  the  types  of  work  it  does  and  per¬ 
haps  acquired  other  companies  along  the  way 


that  were  not  assessed  at  any  level.  And  if  the 
company  does  not  have  an  excellent  training 
program  for  all  its  project  managers  and  devel¬ 
opers — so  they  can  work  at  the  same  level  as 
those  in  the  projects  that  were  assessed — the 
assessment  means  little. 

CMM  is  a  “snapshot  in  time,”  says  the  SEI, 
and  it  encompasses  only  the  projects  that  were 
assessed.  Lurthermore,  if  the  snapshot  was 
taken  more  than  two  years  ago,  most  experts 
say,  it  will  have  yellowed  so  badly  that  the 
company  is  probably  no  longer  at  the  same 
maturity  level. 

Now  that  CMM  has  become  table  stakes 
for  billions  worth  of  business,  some  believe 
that  providers  should  bite  the  bullet  and  get 
all  their  projects  assessed  if  they  are  going  to 
claim  “enterprise  Level  5  CMM.” 

“If  I  were  a  CIO  and  a  company  was  telling 
me  their  entire  company  was  CMM  5,  I’d 
want  all  the  people  on  my  project  to  have  gone 
through  the  assessment,”  says  Margo  Visita- 
cion,  a  Lorrester  Research  analyst  and  former 
quality  assurance  manager  at  a  software 
development  company.  “[The  service 


7.  WAS  THE  APPRAISER  FROM  INSIDE  OR  OUTSIDE  THE 


fer*  : 


least  one  of  the  projects  assessed  had  something  to  do  with 


ORGANIZATION? 


Internal  assessors  cannot  be  as  objective  as 


mat  lead  assessors  who  have  no  links  to  the  company. 


financial  processes. 


8  .  WHERE  ARE  THE  REPORTS? 


Ask  for  formal  documents  that 
essor  must  provide  to  the  company,  most  importantly  the 
Findings  Report  (discusses  strengths  and  weaknesses  of 
the  company)  and,  for  CMMI,  the  Appraisal  Disclosure  Statement 
(states  exactly  where,  when,  how  and  by  whom  the  assessment 
was  done).  If  the  documents  are  vague  or  fluffy,  ask  for  more 
detail.  The  company  has  it.  if  the  company  won’t  let  you  see  the 
arts,  move  on.  You  may  have  found  a  cheater. 


If  you're  a 
want  to  make  sure  that  at 


B-sIfiSp; 


SULT  ON  THE  PROCESSES  BEING 


Appraisers  are  supposed  to  be  independent  and 
objective.  If  they’ve  helped  the  company  develop  the  processes 
they  are  rating,  it’s  a  conflict  of  interest,  and  they  may  be  tempted 
to  improve  the  ratings  to  get  their  consulting  fees. 


11 .  HOW  MANY  PROJECT  MANAGERS  WHO  WERE  ASSESSED 
AT  LEVEL  5  WILL  BE  ON  YOUR  PROJECT  TEAM? 

12 .  HOW  DOES  THE  COMPANY  TRAIN  NEW  PEOPLE  TO  BE  CM' 
LEVEL  5? 


If  the  company  doesn’t  train  well,  it  will  not  sustain  its 

. 

CMM  level  for  long. 


M 


www.cio.com  •  MARCH  1,  2004  CIO  53 


director  of  application  development  for  OnStar,  says  CIOs  who  look  to 
CMM  for  guarantees  won’t  find  them. 


Cover  Story  |  Software  Quality 

providers]  are  getting  millions  in  business 
from  their  CMM  levels.  Why  shouldn’t  they 
have  all  of  their  developers  go  through  an 
assessment?” 

How  Much  for  That 
Certification? 

ppraisers  continue  to  cheat  too, 
according  to  their  colleagues.  The 
pressure  on  appraisers,  in  fact,  is 
higher  than  ever  today,  especially 
with  offshore  providers  competing  in  the  out¬ 
sourcing  market.  Frank  Koch,  a  lead  appraiser 
with  Process  Strategies  Inc.,  another  software 
services  consultancy,  says  some  Chinese  con¬ 
sulting  companies  he  dealt  with  promised  a 
certain  CMM  level  to  clients  and  then  expected 
him  to  give  it  to  them.  “We  don’t  do  work  for 
certain  [consultancies  in  China]  because  their 
motives  are  a  whole  lot  less  than  wholesome,” 
he  says.  “They’d  say  we’re  sure  [certain  clients] 
are  a  Level  2  or  3  and  that’s  unreasonable,  to 
say  nothing  of  unethical.  The  term  is  called  sell¬ 
ing  a  rating.” 

Will  Hayes,  quality  manager  for  the  SEI 
Appraisal  Program,  would  only  acknowledge 
one  recent  case  of  an  appraiser  who  had  his 
license  revoked  by  the  SEI  for  improperly 
awarding  a  company  a  Level  4  assessment. 
However,  it’s  difficult  for  the  SEI  to  know 
exactly  how  much  cheating  is  going  on 
because  it  does  not  monitor  the  claims  that 
companies  make  about  CMM. 

“Are  there  organizations  out  there  claim¬ 
ing  Level  5  who  have  never  submitted  the 
information  to  the  SEI?  I’m  sure  that  there 
are,”  says  SEI’s  Douglass.  That’s  little  comfort 
to  CIOs  who  would  rather  not  discover  a  false 
CMM  claim  the  hard  way — by  seeing  their 
projects  fail. 

There  is  a  way  to  prove  whether  the  assess¬ 
ment  was  done,  but  it  may  be  hard  for  CIOs 
to  get  the  evidence.  Appraisers  are  required  to 
submit  formal  documentation  of  all  their 
assessments  to  the  SEI  and  to  customers.  Lead 
appraisers  must  write  up  something  called  a 
Final  Findings  Report  that  includes  “areas  for 
improvement”  if  the  appraiser  finds  any  (they 
usually  do,  even  with  Level  5  companies).  But 
there  is  no  requirement  for  the  content  or  for¬ 


mat  in  the  reports  to  be  consistent  across 
appraisers  or  companies.  Only  the  methods 
for  arriving  at  the  final  number  are  consistent. 
According  to  one  appraiser  who  asked  not  to 
be  named,  companies  will  often  ask  apprais¬ 
ers  to  “roll  up”  the  detailed  findings  into  shal¬ 
low  PowerPoint  presentations  that  don’t  give 
a  very  good  picture  of  the  company  and  its  soft¬ 
ware  development  processes.  “The  purpose  of 
the  report  is  to  tell  companies  where  they  need 
to  improve — that’s  the  whole  point  of  CMM,  ” 
she  says.  “  But  they  make  us  write  these  fluffer¬ 
nutters  that  can  gloss  over  important  details.  ” 
The  Final  Findings  Report  is  what  company 
officials  present  internally  to  the  big  brass  and 
to  customers  knowledgeable  enough  to  ask  for 
it.  But  there’s  no  obligation  to  do  it.  They  can 
declare  their  CMM  level  without  producing 
any  evidence.  They  can  even  hire  their  own 


lead  appraisers  inside  the  company  and  assess 
their  CMM  capabilities  themselves.  They 
don’t  have  to  hire  a  lead  appraiser  from  the 
outside  who  might  be  under  less  pressure  to 
give  a  good  assessment.  And  they  can  charac¬ 
terize  their  CMM  level  any  way  they  want  in 
their  marketing  materials  and  press  releases. 

SEI  officials  say  they  are  not  in  the  business 
of  controlling  what  companies  say  about  their 
assessments.  Nor  will  they  reveal  to  the  public 
which  companies  have  been  assessed  or  what 
the  assessments  consisted  of.  “We  weren’t  char¬ 
tered  to  be  policemen — we’re  a  research  and 
development  group,”  Hayes  says. 

Instead,  the  SEI  exerts  control  through  the 
relatively  small  lead  appraiser  community 
(approximately  220  are  authorized  to  do 
CMM  assessments).  From  the  beginning,  the 
SEI  has  reserved  the  right  to  discipline  or  even 


54  CIO  MARCH  1,  2004  •  www.cio.com 


PHOTO  BY  DAVID  BADITOI 


AND  ANYWHERE  IN  BETWEEN. 


INTRODUCING  QWEST’S  NEWLY  EXPANDED  COVERAGE  AREA:  Today  Qwest®  offers  integrated 
voice  and  data  services  nationwide  on  our  own  network.  So  your  business  can  now  use  Qwest  for  fully 
managed,  end-to-end,  point-to-point  solutions,  enhanced  call  center  applications,  dedicated  long¬ 
distance  and  toll-free  services.  If  you  need  to  connect  remote  users  or  locations  nationwide,  you  can 
do  it — all  on  our  state-of-the-art  OC-192  nationwide  network.  That’s  a  Spirit  of  Service  that  keeps 
growing.  And  stays  with  you  for  the  long  haul. 


IXlXXf Kl ft 


LQwest 


Spirit  of  Service" 


To  find  out  more,  call  1  800-506-0663  or  visit  qwest.com/bizspirit 


VOICE  SOLUTIONS 
DATA  SOLUTIONS 
INTERNET  SOLUTIONS 
MANAGED  SOLUTIONS 


Selected  services  subject  to  availability.  ©2004  Qwest  Communications  International  Inc. 


When  it  comes  to  building  software,  quality  and  productivity  don’t  have  to  be  opposing  forces.  At  Cigital,  we  can 
help  you  have  it  all.  ■  Cigital  drives  down  the  cost  of  deploying  quality  software.  Our  software  quality  management  solutions 
measure  software  quality  throughout  the  development  lifecycle  to  determine  application  readiness  and  pinpoint  areas  where 
process  improvement  yields  the  greatest  cost  reductions.  •  The  result?  Our  commercial  and  government  clients  hit  their 
software  quality  goals  with  improved  predictability  and  cost-efficiency. 


To  learn  more  about  Cigital’s  software  quality 
management  solutions,  visit  www.cigital.com 
or  contact  us  at  info@cigital.com. 


Cover  Story  |  Software  Quality 


remove  appraisers  who  cheat  or  do  their  jobs 
badly.  But  in  the  early  days,  the  SEI  rarely  fol¬ 
lowed  through  on  those  threats,  say  longtime 
appraisers. 

More  recently,  the  SEI  toughened  up  the 
CMM  itself  andplansto  completely  replace  it 
(as  of  December  2005)  with  a  broader,  more 
in-depth  model  called  CMMI.  In  the  process, 
it  has  increased  the  training  requirements  and 
controls  on  appraisers.  According  to  Hayes, 
under  CMMI,  the  SEI  reviews  each  appraisal 
that  comes  in  for  irregularities.  And  under 
CMMI,  appraisers  have  to  file  a  report  called 
an  Appraisal  Disclosure  Statement  that  clearly 
states  which  parts  of  the  organization  and 
projects  were  assessed,  as  well  as  all  the  people 
who  took  part  in  the  assessment  (though 
assessed  companies  are  not  required  to  reveal 
that  report  publicly,  either).  The  SEI,  along 
with  the  lead  appraiser  community,  is  also 
developing  a  “code  of  ethics”  for  appraisers. 


He  recalls  confronting  a  manager  from  one  of 
his  CMM  Level  5  offshore  outsourcing  com¬ 
panies  who  did  not  know  how  to  do  a  testing 
plan  for  software.  “My  people  had  to  train 
him  to  do  it,”  he  says.  On  another  occasion, 
Harris’s  staff  discovered  that  the  offshore 
provider  had  fallen  far  behind  schedule  in  one 
of  its  projects  but  had  not  told  him.  “You’d 
think  a  Level  5  company  would  have  told  me 
months  before  that  the  schedule  was  slipping 
and  we  needed  to  do  something,”  he  says. 

Problems  like  those  can  damage  CIOs’ 
credibility  inside  IT  and  with  the  business — 
especially  if  they  used  a  CMM  level  to  defend 
a  decision  to  move  development  offshore  or 
use  a  particular  outfit.  As  Harris  has  learned, 
what  matters  is  what’s  behind  the  impressive- 
looking  number.  Is  there  a  verifiable  commit¬ 
ment  to  quality,  process  and  training?  Can 
companies  demonstrate  improvements 
they’ve  made  over  time  in  customer  delivery 


What  matters  is  what’s  behind  the  impressive-looking  number.  Is 
there  a  ,  process  and  training? 


Yet  if  CIOs  want  to  get  the  true  picture 
about  appraisers,  to  check  if  they’ve  ever  been 
reprimanded  for  performing  faulty  assess¬ 
ments  or  thrown  out  altogether  for  cheating, 
they  are  out  of  luck.  The  SEI  will  not  reveal 
any  information  about  errant  appraisers. 

And  the  SEI  has  no  intention  of  becoming  a 
governing  body  like  the  American  National 
Standards  Institute  (ANSI),  which  controls 
ISO  9000  certification  in  the  United  States. 
ANSI  requires  companies  to  be  reassessed 
every  six  months  if  they  want  to  maintain  their 
ISO  9000  certification  and  reassesses  all  its 
appraisers  each  year.  “No  one  has  asked  us  to 
become  a  governing  body,  and  that’s  not  our 
mandate.  And  if  we  did,  what  would  that 
solve?”  the  SEI’s  Humphrey  asks.  “It  wouldn’t 
excuse  anyone  from  doing  their  homework.  ” 

Indeed,  CIOs  who  look  to  CMM  for  guar¬ 
antees  won’t  find  them,  says  Rick  Harris, 
director  of  application  development  for 
OnStar,  a  division  of  GM  that  provides  com¬ 
munications  inside  the  company’s  vehicles. 


times,  developer  productivity  and  defect  den¬ 
sity?  Will  the  project  managers  that  went 
through  the  assessment  be  assigned  to  your 
project?  If  the  answer  to  any  of  these  questions 
is  no,  then  a  CMM  Level  5  isn’t  worth  much. 

There  is  still  no  substitute  for  deep  due  dili¬ 
gence.  “The  real  test  is  when  you  get  into  the 
trenches  and  see  whether  these  companies 
bring  their  capabilities  to  bear,”  says  Harris. 
“Do  their  people  and  processes  hold  up  under 
pressure?  In  my  experience,  in  some  cases 
they  have  and  others  they  haven’t.  ”  HH 


Do  you  have  any  CMM  stories  to  share?  Send 
feedback  to  Executive  Editor  Christopher  Koch  via 
e-mail  at  ckoch@cio.com. 


Learn  More  About  CMM 


For  more  background  on  the  seal  of  approval 
for  a  company’s  software  development 
process,  go  to  the  source:  the  official  CMM 
website.  To  find  the  link,  just  go  to 

www.cio.com/printlinks. 

cio.com 


www.cio.com  •  MARCFI  1,  2004  CIO  57 


Growing  companies  face  ur 
challenges  in  managing  their  growth. 
ERM,  CRM,  SCM,  Analytics  and  E- 
Commerce  become  more  important 
as  businesses  expand. 


Are  you  equipped  to  take  your 
business  to  the  next  step? 

• 

How  do  you  integrate  your  systems 
and  processes  from  end  to  end? 


How  do  you  know  if  your  systems 
can  keep  up  with  your  company’s 
growth  rate? 

To  address  these  issues,  plus  a 
range  of  business  applications,  CIO 
has  developed  a  Business  Insight 
Center  in  partnership  with  Microsoft 
Business  Solutions. 

This  compilation  of  insights,  tools 
and  information  has  been  specially 
designed  to  provide  the  up-to-date 
information  you  need,  in  order  to 
keep  your  company  ahead  of  the 
curve. 

Visit  the  Business  Insight  Center  at: 


www.cio.com/research/bic 


The  Resource  for  Information  Executives 


Senior  citizens  who  belong  to  AARP  protested 
the  group’s  decision  to  endorse  last  December’s 
legislation  on  Medicare  drug  benefits  (above  right). 
John  Sullivan,  CIO  of  AARP,  hopes  IT  can  help 
bridge  the  generational  divide  between  baby 
boomers  and  seniors  on  this  and  many  other  issues, 


PHOTOGRAPHY  BY  STEVEN  VOTE.  PHOTO  ABOVE  BY  AP/WIDE  WORLD  PHOTOS 


Customer  Service 


\\\  Jw*,i 
OK  Sff* 


1  AARf-Srop 
'cam  m  & 
GNlORsni 


lL 


IS  TALKING ’BO 


During  the  next  10  years,  two-thirds  of  the  76  million 
baby  boomers  will  be  easing  into  middle  age  and 
preparingfor  retirement.  AARP  is  getting  ready. 

BY  ELANA  VARON 


IT’S  2:30  P.M.,  48  hours  after  AARP  endorsed  the  controversial  Medicare 
prescription  drug  bill,  and  more  than  2,000  calls  have  ripped  through  its  call  cen¬ 
ter  in  Plantation,  Fla.  The  callers,  like  the  gaggle  of  protesters  who  tore  up  their 
membership  cards  outside  AARP’s  downtown  Washington  headquarters  ear¬ 
lier  in  the  day,  are  furious  at  the  nonprofit  organization  for  supporting  the  bill, 
which  they  believe  will  benefit  not  seniors,  but  drug  and  insurance  companies. 

CIO  John  Sullivan  has  tried  to  prepare  for  the  onslaught.  His  IT  staff  and 
AARP’s  call  center  contractor  have  added  30  to  40  people  to  ensure  that  the 
phones  are  answered  and  that  callers  are  able  to  register  their  opinions.  For  Sul¬ 
livan,  the  fact  that  so  many  AARP 
members  get  through  is  living  proof 
that  his  IT  strategy  is  succeeding. 

His  goal,  like  that  of  many  CIOs,  is 
to  be  flexible  and  to  respond  quickly 
to  changing  business  conditions — 
whether  it’s  demand  for  a  new 
product  or  a  surge  in  complaints. 

But  even  the  most  prescient  IT 
strategy  can’t  anticipate  every 


Reader  ROI 

►  How  AARP  is  using  IT  to  satisfy  its 
large  and  diverse  membership 

►  Why  the  nation's  largest  advocacy 
group  for  seniors  is  investing  in 
Web  services 

►  How  AARP  balances  the  sharing  of 
customer  information  with  privacy 
concerns 


www.cio.com  •  MARCH  1,  2004  CIO 


5  9 


Customer  Service 


problem.  AARP  executives  decided  to  deal 
with  the  flood  of  angry  calls  made  directly  to 
its  headquarters  in  Washington,  D.C.,  by 
telling  switchboard  operators  not  to  connect 
those  calls.  Eventually,  the  blackout  is  lifted,: 
but  by  mid-January,  an  estimated  45,000  of 
AARP’s  35  million  members  had  quit,  and 
AARP  is  deep  into  damage  control. 

What  members  seem  most  incensed  about  is 
the  notion  that  AARP  gave  its  imprimatur  to 
the  Medicare  legislation,  which  Congress! 
passed  in  late  November,  because  there’s  money 
in  it  for  the  organization.  It’s  true  that  the  bulk 
of  AARP’s  revenue  comes  from  selling  or  dis¬ 
tributing  third-party  products  and  services, 
including  insurance  policies.  But  AARP  execu¬ 
tives  say  they  endorsed  the  bill  because  it  was 
important  to  achieve  some  sort  of  prescription 
drug  benefit  for  seniors.  They  also  say  they  con¬ 
ducted  numerous  focus  groups  and  member¬ 
ship  surveys  before  making  that  endorsement, 
land  they  repeat,  almost  like  a  mantra,  that  what¬ 
ever  profits  they  make  are  reinvested  to  provide 
services  to  members.  All  of  this,  they  note,  ben¬ 
efits  seniors  in  the  long  run. 

The  question  is,  which  seniors?  According 
to  health  policy  analysts,  current  Medicare 
recipients  who  have  their  own  prescription 
drug  coverage  and  affluent  retirees  are  among 
those  least  likely  to  benefit  from  the  new  leg¬ 
islation.  This  active  and  vocal  group  is  part  of 
AARP’s  core  constituency — 60  percent  of  its 
members  are  aged  65  and  older — and  they 
have  provided  AARP  with  much  of  its  politi¬ 
cal  power.  But  AARP  also  has  its  eye  on  an 
emerging  constituency  even  more  powerful 
due  to  its  sheer  numbers — the  76  million  baby 
boomers  who  are  easing  into  middle  age  and 
will  begin  their  retirements  during  the  next 
decade.  According  to  some  surveys,  this  group 
expects  to  be  healthier  than  their  parents  and 
is  more  amenable  to  the  idea  that  the  govern¬ 
ment  cede  control  of  some  Medicare  services: 
to  private  companies.  They  also  have  nothing 
immediately  to  lose,  notes  Grant  Reeher,  a 
health-care  expert  and  associate  professor  of 
political  science  at  Syracuse  University. 

The  Medicare  debate  is  emblematic  of  a 
conundrum  AARP  now  faces  as  both  an  advo¬ 
cacy  group  and  a  $636  million  business:  how 

0  CIO  MARCH  1,  2004  •  www.cio.com 


Ava  Baker,  AARP’s  director  of  member  service,  wants  to  use  Web  self-service  to 
give  baby  boomers  one-stop  shopping  for  their  retirement  and  medical  needs. 


ito  balance  the  needs  of  its  current  members 
with  the  demands  of  an  emerging  constituency 
and  potentially  lucrative  market.  Interestingly,! 
AARP  executives  are  betting  $50  million 
annually  on  information  technology  to  help 
them  bridge  the  generational  divide.  They  have 
invested  in  a  central  customer  database  that 

I 

can  be  accessed  both  by  members  and  trading 
partners  to  provide  more  timely  personal  serv¬ 
ice.  They  are  revamping  their  Web  self-service 
^offerings  so  that  baby  boomers  can  more  eas¬ 
ily  do  their  retirement  planning  online.  And 
•  are  investing  in  Web  services  as  a  way  to 


deploy  new  applications  quickly  so  that  AARP 
and  its  partners  can  offer  a  greater  range  of 
products  to  members  from  both  generations. 

CIO  Sullivan  travels  a  lot,  and  he  makes  a 
point  of  talking  to  people  about  baby  boomer 
expectations  wherever  he  goes.  From  those 
conversations,  he  says,  one  thing  is  clear:  Baby! 


boomers  are  more  demanding  than  their  par¬ 
ents  were.  Giving  them  the  personalized  atten¬ 
tion  they  want  will  only  benefit  everyone. 

The  Times  They  Are  A-Changin’ 

AARP’s  marble-faced  headquarters  encom¬ 
passes  most  of  a  block  in  a  rejuvenated  down¬ 
town  business  district  of  Washington.  Trendy 
restaurants,  boutiques  and  luxury  condos 
have  supplanted  many  abandoned  storefronts 
and  crumbling  apartment  buildings,  but  there 
is  scaffolding  everywhere:  The  transforma¬ 
tion  is  not  quite  complete. 

Formerly  known  as  the  American  Associa¬ 
tion  of  Retired  Persons,  AARP  began  its  own 
transformation  not  long  after  moving  into  the 
10-story  building  in  1992.  The  first  baby 
boomers  turned  50  and  became  eligible  for 
AARP  membership  in  1996.  Two  years  later, 
the  organization  dropped  its  name  (along  with 


COMPUWARE 


THE  POWERTO  Create,  Confirm,  Control 

Software  and  services  from  Compuware  help  create  applications  that  move  into  action  faster. 
Solutions  for  development,  quality  assurance  and  operations  let  you  confirm  efficient 
deployment  and  ongoing  availability  with  confidence.  Achieve  control  over 
application  performance  and  exceed  the 
quality  your  end  users  demand — now. 


The  leader  in  IT  value. 


COMPUWARE 

www.compuware.com 


g 

Sm 


m 

ini 

SS 

M 


'■’Zsik** 


Customer  Service 


TIPS  ON  HOW  TO  CROSS 
THE  GENERATIONAL  DIVIDE 


AARP  CIO  John  Sullivan  thinks  his  organization’s  IT  can  serve  as 
a  model  for  how  to  provide  personal  attention  to  a  large,  diverse 
membership.  Here  are  his  secrets. 


1  Support  online  transactions.  Only  a  handful  of  customers  may  want  these  now  (less 
than  10  percent  of  AARP’s  members  sign  up  or  renew  their  memberships  online),  but  by 
investing  today,  you'll  be  prepared  as  demand  grows. 


2  Don’t  abandon  traditional'channels.  IT  can  help  make  the  mail  and  telephone  opera¬ 
tions  that  existing  customers  prefer  more  efficient.  AARP  has  deployed  an  interactive  voice 
response  system  that  allows  members  to  perform  simple  transactions  over  the  telephone. 


3  Be  flexible.  Store  customer  data  separately  from  the  applications  that  use  it,  so  it’s  easy 
to  update  information  and  add  new  functionality.  Connect  suppliers  to  your  internal 
applications  with  reusable  Web  services  or  a  portal.  Use  software  that  is  based  on  industry 
standards  so  that  you  can  change  vendors  or  add  new  technologies  as  your  needs  warrant. 


4 


Have  a  robust  privacy  and  security  policy,  and  follow  it.  A  satisfied  customer  is  one 
who  trusts  you. 


5  Stick  with  what  works.  AARP  runs  its  customer  database  on  a  mainframe,  as  it  has  for 
years,  because  the  technology  is  reliable  and  will  support  increasing  numbers  of  trans¬ 
actions  as  membership  grows.  -E.V. 


the  word  retired )  in  favor  of  its  acronym.  More 
changes  followed:  AARP  began  to  offer  prod¬ 
ucts,  services  and  information  targeted  to! 
younger  members,  such  as  an  online  calculator; 
to  help  people  figure  out  how  much  to  save  for 
retirement.  It  began  producing  multiple  ver¬ 
sions  of  its  magazine  Modern  Maturity  for 
three  distinct  age  groups  (the  name  of  the  mag¬ 
azine  was  changed  last  year  to  AARP:  The 
Magazine).  And  it  started  to  invest  more  heav¬ 
ily  in  IT,  developing  not  only  a  strong  online 
presence  but  also  revamping  its  customer  data¬ 
bases  so  that  member  information  can  be 
maintained  and  secured  independently  of  the 
numerous  IT  applications  that  use  it. 

And  for  good  reason.  Among  the  many 
facts  AARP  has  learned  about  Americans 
born  between  1946  and  1964 — their  ethnic 
diversity,  relative  affluence  and  sense  of  indi¬ 
vidualism  and  self-reliance — one  of  the  most 
significant  differences  between  them  and  their 
parents  is  that  they  are  not  good  at  waiting. 


When  they  buy  products  and  services  or  look 
for  information,  they  want  choices,  conven¬ 
ience  and  control.  AARP  does  not  have  any 
direct  competition,  even  though  there  are  other 
groups  at  both  ends  of  the  political  spectrum 
that  lobby  on  issues  important  to  seniors  and 
provide  some  modest  services.  But  no  one  else 
offers  the  same  combination  of  community 
service,  information,  political  advocacy  and 
AARP’s  now-legendary  discounts.  Neverthe¬ 
less,  if  the  benefits  of  membership  aren’t  easy  to 
access,  why  join  at  all? 

“  [Baby  boomers]  are  looking  for  one-stop 
shopping,”  says  Ava  J.  Baker,  AARP’s  direc¬ 
tor  of  member  service.  A  typical  baby  boomer 
is  working,  has  children  at  home,  and  may 
also  be  taking  care  of  aging  parents.  Whether 
she  is  doing  research  or  has  a  question  about 
her — or  her  parents’ — benefits,  she  wants 
information  at  her  fingertips.  As  Americans 
live  longer,  even  members  who  turn  65  are 
likely  to  have  living  parents  who  need  help, 


says  Baker — another  difference  between 
boomers  and  the  older  generation. 

Furthermore,  baby  boomers  are  increasingly 
wired.  A  study  published  in  April  2003  by  The; 
Pew  Internet  &  American  Life  Project  found 
that  in  2002, 52  percent  of  Americans  aged  50 
to  64  had  Internet  access,  compared  with 
45  percent  in  2000.  Meanwhile,  among  respon¬ 
dents  aged  30  to  49,  a  category  that  includes  the; 
last  nine  years  of  the  baby  boom,  47  percent  said 
they  are  current  Internet  users,  while  more  than 
half  of  the  rest  said  they  would  go  online  even-; 
tually.  Their  experience  working,  shoppings 
investing,  planning  trips,  doing  research  and 
communicating  online  has  already  carried  over! 
into  a  demand  for  transacting  business  with] 
AARP  on  the  Web.  Although  seniors  aged  65 
and  older  use  the  Internet  the  least,  the  number 
of  people  in  this  age  group  who  are  online  is 
increasing  as  well.  AARP’s  own  data  shows  that 
[about  16  million  of  its  members  have  regular! 
Internet  access.  “The  percent  of  members  who 
want  to  interact  that  way  is  increasing  at  a 
healthy  rate,”  says  Tony  Ha  bash,  director  for! 
IT  strategies  and  solutions  at  AARP. 

It  is  already  possible  to  interact  with  AARP 
electronically  on  several  dimension®Tembers 
can  sign  up  and  renew  their  memberships  on 
AARP’s  website.  Almost  100  message  boards 
provide  forums  for  members  to  discuss  just 
about  any  subject.  Hundreds  of  messages  flew 
back  and  forth  on  AARP’s  policy  message 
[board  recently  as  members  debated  the  merits 
of  the  Medicare  bill.  And  through  a  partner¬ 
ship  with  nonprofit  online  service  Volunteer- 
Match,  AARP  helps  members  sign  up  for 
hundreds  of  volunteer  activities  nationwide. 

If  you  purchase  an  AARP-sponsored  insur¬ 
ance  policy,  you  can  get  rates  quoted  online 
and  download  applications.  In  what  has 
become  a  staple  of  political  advocacy,  you  can, 
isign  up  for  alerts  about  upcoming  votes  on 
congressional  legislation  and  use  an  online 
tool  to  generate  and  send  an  e-mail  to  your 
congressman  about  an  issue. 

“Right  now,  we’re  like  any  other  organiza¬ 
tion  in  the  U.S.  when  it  comes  to  providing 
online  services:  We  let  members  do  a  few 
transactions,”  says  Sullivan,  who  has  a  bigger 
vision  in  mind. 


Compuware 

OptimalJ 


THE  POWER  TO  Develop,  Transform,  Reuse 

Put  your  J2EE™  application  development  into  overdrive — with  unmatched  quality  and 
unprecedented  flexibility — using  Compuware  OptimalJ.  Increase  developer  productivity  up 
to  90%.  Seamlessly  instill  quality  into  development.  Forge  existing  infrastructures  and  new 
technologies  into  an  integrated  whole. 

Realize  business  agility  with  applications 
that  are  truly  reusable,  time  and  time  again. 


The  leader  in  IT  value. 


COMPUWARE 

www.compuware.com 


Customer  Service 


This  year,  for  instance,  AARP  plans  to 
launch  a  new  system  that  will  help  aging  baby 
boomers  plan  for  their  future  medical  needs 
and  how  they  will  finance  them.  From  surveys 
and  website  statistics,  AARP  executives  have 
learned  that  health  information  and  products 
relating  to  health  care  are  among  the  top  inter¬ 
ests  of  members. 

One  of  the  organization’s  biggest  challenges 
is  making  sure  the  website  has  something  for 
everyone.  “We  can’t  make  a  decision  that  we’re 
only  going  to  worry  about  the  people  buying 
health  care  or  home  or  auto  insurance  prod¬ 
ucts,”  says  Mark  Carpenter,  AARP’s  director 
of  Web  operations.  “Everyone  pays  their 
$12.50  a  year,  and  that  entitles  them  to  a  cer¬ 
tain  amount  of  access.”  Younger  members 
might  spend  a  little  time  online  conducting  a 
transaction,  but  when  older  members  do  get 
online,  they  spend  a  lot  of  time  using  the  site  to 
get  involved  with  the  organization. 

An  early  effort  to  enable  personalization  on 
the  website  “didn’t  work  so  well,”  says  Car¬ 
penter,  because  it  relied  too  much  on  the  mem¬ 
bers  to  define  their  own  interests.  Now 
Carpenter  is  working  on  an  “Amazon-type” 
approach  to  deliver  information  based  on  what 
visitors  do  on  the  site,  rather  than  asking  them 
lots  of  questions  about  what  they  want.  If  you 
search  for  information  about  Medicare,  AARP 
might  serve  up  some  related  articles  for  you  to 
read  or  a  link  to  its  health  insurance  products. 

“Gotta  Keep  the  Customers 
Satisfied” 

Inside,  AARP’s  offices  are  a  warren  of  corridors 
and  cubicle  pods  coated  and  carpeted  in  a 
soothing  gray.  As  in  most  office  buildings,  vis¬ 
itors  can’t  wander  around  without  an  escort, 
but  here  even  employees  sometimes  have  trou¬ 
ble  finding  exactly  who  they  are  looking  for. 
The  building  is  arranged  around  two  stove¬ 
pipes:  elevator  banks  that  serve  Building  A  and 
Building  B.  The  IT  department  is  on  one  side. 
The  executives  who  run  AARP’s  health-care 
programs  are  on  the  other. 

For  years,  its  customer  data  and  systems 
were  similarly  stovepiped. 

And  for  members  of  any  age,  that  can,  at 
worst,  be  traumatic.  A  husband  dies,  and  his 

64  CIO  MARCH  1,  2004  *  www.cio.com 


Mark  Carpenter,  AARP’s  director  of  Web  operations,  says  the  website  has  to 
H  I 

appeal  to  both  younger  baby  boomers  and  senior  citizens  who  don’t  want  as 

many  bells  and  whistles. 


yvife  calls  AARP  to  cancel  his  membership 
But  the  message  doesn’t  get  to  Scudder  Invest 
ments,  through  which  he  bought  an  AARP-: 
branded  mutual  fund.  Soon,  a  few  marketing! 
solicitations  come  for  him  in  the  mail,  and  the 
grieving  widow  has  to  make  another  phone 
call.  Ideally,  says  Sullivan,  member  data 
should  be  integrated  so  that  the  widow  can; 
end  the  painful  mailings  with  a  single  call.  “It 
is  a  small  thing,  but  if  you  do  small  things  well, 
it’s  just  going  to  improve  the  process  of  aging: 
for  our  members,”  he  adds. 

It  turns  out  that  taking  care  of  such  seem- 

I  >  < 

ingly  small  details  can  be  addressed  with  IT 
investments  that  solve  some  bigger  prob- 
lems — like  how  to  support  a  multifaceted 
business  model  or  keep  costs  down.  During 
the  past  two  years,  AARP  has  deployed  a  cen¬ 
tral  membership  database  that  is  continuously! 


updated,  making  it  easier  for  the  organization 
to  market  products  and  services  to  its  mem¬ 
bers.  Establishing  common  interfaces  to  this 
database  for  its  suppliers,  through  a  Web  por¬ 
tal  and  using  Web  services,  also  makes  it  less 
expensive  for  the  group  to  maintain  links  with 
suppliers  or  change  its  mix  of  services. 

AARP  already  offers  dozens  of  services 
from  third  parties,  which  have  stiff  competi¬ 
tion  to  be  allowed  to  offer  an  AARP  brand. 
While  AARP  has  traditionally  inked  long¬ 
term  contracts  with  suppliers,  that’s  starting 
to  change  as  industry  practices  evolve  and 
members  look  for  more  choices.  For  instance, 
AARP  Services,  a  wholly  owned,  for-profit 
subsidiary  that  manages  AARP’s  third-party 
services  (and  returns  its  profits  to  the  parent 
organization),  is  planning  to  renegotiate  a 
series  of  10-year  contracts  with  five  health 


■ 

i 


insurance  providers  as  three-  to  five-year 
deals.  Noelle  Ronald,  the  division’s  director 
for  member  health  products,  says  the  shorter 
contract  terms  will  allow  more  flexibility  to 
negotiate  new  terms  or  rebid  the  contracts. 

Up  till  now,  AARP  has  coded  data  ex¬ 
changes  separately  with  each  of  its  service 
providers,  a  slow  and  expensive  process.  Now, 
CIO  Sullivan’s  team  is  deploying  a  set  of  inter¬ 
faces  to  its  applications  based  on  Web  services 
that  will  speed  integration  with  suppliers  and 
enable  AARP  to  improve  its  customer  service. 
The  first  iteration  of  the  interfaces  is  currently 
being  rolled  out  by  AARP’s  contact  center  con¬ 
tractor  Precision  Response.  When  a  member 
calls,  writes  or  e-mails  with  a  question  or  com¬ 
plaint,  Precision  Response  will  be  able  to  use 
Web  services  to  access  AARP’s  applications,: 
change  someone’s  address  or  look  up  informa¬ 
tion  about  a  service  she  uses.  In  the  future,  this; 


brokers,  says  Suzanne  Hall,  AARP’s  director  ofj 
IT  assurance  and  security. 

The  organization  tries  to  control  spam 
through  a  “double  opt-in”  process,  through 
which  members  have  to  confirm  they  want  any 
information  they’ve  signed  up  to  get.  AARP 
also  has  set  up  procedures  to  verify  that  its  serv¬ 
ice  providers  aren’t  violating  agreements  not  to 
send  junk  mail.  In  addition,  AARP  also  requires 
its  partners  to  comply  with  its  security  prac¬ 
tices,  and  it  does  its  own  testing  of  suppliers’: 
networks  to  confirm  they  are  following  these 
procedures.  “We  rely  on  our  own  security  to 
ensure  that  we’re  only  giving  them  data  that’s 
appropriate  for  them  to  receive,”  Hall  says. 

< 

Takin’  Care  of  Business 

jFrom  most  places  in  central  Washington,  there 
|is  some  icon  of  democracy  within  sight.  Live 
and  work  there  long  enough,  though,  and  the 


always,  for  instance,  rewarded  its  executives: 
handsomely  (in  the  wake  of  the  Medicare 
debate,  Executive  Director  and  CEO  William] 
Novelli  has  been  criticized  by  some  members^ 
for  taking  a  $420,000  salary). 

AARP  executives  acknowledge  that  their 
need  for  revenue  to  support  activities  that  don’t 
make  money  results  in  “an  interesting  dance, 
[sometimes,”  as  Web  Operations  Director  Car¬ 
penter  puts  it.  When  it  comes  to  IT,  some  deci- 
1 

:sions,  such  as  how  much  to  invest  in  integration 
with  a  service  provider,  are  made  based  on  how 
much  revenue  AARP  will  get  from  the  deal. 
But  not  every  investment  decision  comes  down 
Ito  whether  AARP  will  make  money  from  it. 
[Some  projects,  such  as  the  deployment  of  a 
jnew  system  that  will  scan,  sort  and  route  paper* 
mail,  are  tied  to  customer  service  goals  that  are 
independent  of  whether  a  member  purchases 
AARP’s  products.  Baker,  the  member  services 


AARP’s  reliance  on  revenue  from  insurers  and  other  suppliers 
has  frequently  left  the  organization  open  to  charges  that  its 
leaders  do  what  is  best  for  AARP,  rather  than  for  its  members. 


interface  will  enable  AARP  to  change  its  mix 
of  products  and  services  as  the  need  arises,  with 
less  work  for  the  IT  department. 

Having  a  standard  way  to  integrate  appli-l 
cations  with  its  membership  database  will  also 
make  it  easier  for  AARP  to  communicate] 
updates  about  its  members  to  internal  and 
external  marketers.  (AARP’s  privacy  policy 
acknowledges  that  suppliers  may  purchase 
access  to  the  membership  database,  but  they 


are  required  to  keep  membership  information 
confidential.)  AARP  does  not  sell  its  member¬ 
ship  data  to  telemarketing  companies  or  list 


Talk  to  John  Sullivan 


It's  a  question  of  balance.  For  John 
Sullivan,  CIO  of  AARP,  it's  the  fine  line 
between  sharing  information  with  his 
business  partners  and  safeguarding 
members’  privacy.  How  does  he  do  it?  Get  the 
answers  straight  from  him  when  you  ASK  THE 
SOURCE.  Sullivan  is  available  online  through 
March  14.  Go  to  www.cio.com/experts. 

cio.com 


ew  can  fade  behind  the  daily  grind.  Sullivan 
says  he  was  reminded  of  this  recently  when  a 
friend  pointed  out  a  view  of  the  Capitol’s  dome 
from  a  steep  hill  halfway  up  North  Capitol 
Street,  Yet  for  years  Sullivan  drove  into  work 
day  after  day  without  registering  that  sight. 

In  much  the  same  way,  it’s  easy  to  lose  sight 
(of  the  fact  that  AARP  is  a  big  business. 

According  to  its  most  recent  financial  state¬ 
ment,  the  organization  collected  $257  million 
[in  royalties  and  other  income  in  2002  from  the 
[products  and  services  it  sells  or  brands  to  mem¬ 
bers.  Another  $76  million  came  from  adver¬ 
tising  in  its  publications.  Only  29  percent  of 
its  revenue  comes  from  members.  AARP 
reported  a  $  1 5  million  profit,  which  the  state 
ment  says  partially  recouped  a  $23  million 
investment  in  its  statewide  operations  the  pre 
vious  year.  AARP’s  reliance  on  supplier  rev 
enue  has  frequently  left  the  organization  open 
to  charges  that  its  leaders  do  what  is  best  for 
AARP,  rather  than  for  its  members.  It  has 


director,  says  she  needed  a  better  way  to  funnel; 
members’  questions  to  appropriate  people  for] 
a  response.  “Our  members  have  a  tendency  to 
[write  questions  on  their  renewal  [forms],”  she] 
says.  Meanwhile,  Hall  notes  that  AARP’sj 
attention  to  privacy  and  security  is  related  to  its 
education  and  advocacy  programs  that  aim  to 
combat  predatory  marketing  practices  that 
[victimize  seniors. 

IT  provides  the  stage  from  which  to  man¬ 
age  this  complex  choreography,  one  project 
[at  a  time.  “Whether  it’s  76  million  baby 
[boomers  coming  or  35  million  existing  mem¬ 
bers,  we  serve  a  large  audience,”  says  Sullivan. 
“By  making  incremental  gains  [in  service 
delivery]  across  a  wide  number  of  industries, 
we  can  affect  the  marketplace  and  improve 
the  lives  of  our  members.”  BE] 


Senior  Editor  Elana  Varon  writes  about  the  financial: 
industry  and  public  policy.  E-mail  her  at  evaron@ 
fio.com. 

www.cio.com  •  MARCH  1,  2004  CIO 


6  5 


Q&A  with  Maurice  Schweitzer 


Business  Decisions 


It’s  commonly  bel  ieved  that  the  more  time  we  devote  to  a  project,  the 
betterthe  results.  Not  so.  Wharton  professor  Maurice  Schweitzer  tel  Is 
Senior  Writer  Stephanie  Overby  how  CIOs  can  correct  “input  bias”  and 
stop  confusing  quantity  with  quality. 


dvertisements  get  under 

the  skin  of  professor  and  human  behavior  expert  Maurice  Schweitzer.  There’s  the 
beer  commercial  that  brags  about  its  slow  brewing  process.  And  the  billboard  from 
a  luxury  car  manufacturer  that  boasts  about  how  its  engineers  haven’t  taken  a 
vacation  in  years.  “Three  hundred  thousand  people  vacationed  in  the  south  of 
France  last  year,  and  none  of  them  was  a  Lexus  engineer.  Who  cares?  That’s  not 
very  informative  to  me,”  says  Schweitzer.  “And  I’m  not  drinking  a  beer  because  of 
how  long  it  was  in  a  vat.  I  drink  it  because  of  how  it  tastes.” 


Schweitzer,  who  specializes  in  behavioral  decision  research  as  assistant  profes¬ 
sor  in  operations  and  information  management  at  the  Wharton  School  at  the  Uni¬ 
versity  of  Pennsylvania,  uses  these  advertisements  as  examples  of  what  he  calls 
“input  bias.”  According  to  his  research,  people  automatically  associate  input 
related  to  quantity  (how  long  it  takes  to  make  a  car)  with  output  quality  (how  well  it 
performs).  While  in  many  cases,  input  information  does  directly  correspond  to 
outcome,  in  some  cases  it  does  not.  Yet  humans  are  hardwired  to  automatically 
associate  input  and  output.  And  people  can  prey  on  your  input  bias,  causing  you  to 
make  poor  decisions  or  judgments  to  their  advantage. 

It’s  no  surprise  that  advertisers  exploit  this  basic  fact  of  human  nature.  But  CIOs, 
Schweitzer  says,  fall  victim  to  the  same  input  bias.  Employees,  vendors  and  fellow 
business  leaders  all  take  advantage  of  these  natural  biases  in  manipulating  IT  deci¬ 
sions.  Fortunately,  as  Schweitzer  told  CIO  Senior  Writer  Stephanie  Overby  in  a  recent 
interview,  there  are  ways  to  guard  against  making  mistakes  based  on  bias. 


Maurice  Schweitzer,  a  professor 
at  the  Wharton  School,  translates 
a  deep  understanding  of  human 
behavior  into  practical  advice  for 
business  decision  making. 


CIO:  Can  you  explain  what  your  research 
has  revealed  about  input  bias— that  is, 
how  information  on  the  quantity  of  some¬ 
thing  is  often  misused  to  infer  quality? 
Maurice  Schweitzer:  In  general,  input 
quantities  are  positively  related  to  the 
quality  of  outcome.  The  more  you  invest 
in  a  project,  the  better  that  outcome  will 
be.  Companies  that  spend  a  lot  of  money 
on  R&D  typically  produce  the  most 
innovative  products.  The  more  time  an 
employee  spends  in  the  office,  the  more 
productive  she  is.  Students  who  study 
the  most  do  better  on  exams.  It’s  a  natu¬ 
ral  assumption  that’s  usually  right. 

However,  there  are  many  cases  where 
that  direct  relationship  does  not  exist.  For 
example,  people  assume  that  longer  hospi¬ 
tal  stays  are  better  and  propose  legislation 
that  women  who  give  birth  should  spend  a 
certain  length  of  time  in  the  hospital.  They 
figure  the  longer  you’re  in  the  hospital,  the 
better  care  you’ll  receive.  But  in  fact,  there 
are  so  many  sick  people  in  a  hospital  that  it’s 
actually  not  a  great  place  to  be  unless  you 
have  to  be  there. 

We  live  our  lives  mostly  on  automatic 
pilot,  and  we  have  heuristics — decision  rules 
or  shortcuts — to  make  a  lot  of  our  decisions. 
Assuming  that  input  quantity  directly  cor¬ 
relates  to  outcome  quality  is  one  of  those. 
These  heuristics  can  lead  us  afoul.  There  are 
times  when  we  need  to  step  back  and  give 
decisions  some  extra  attention.  That  means 
participating  in  a  deliberate  thought  process 
that  takes  our  natural  biases  into  account. 

Certainly  we  all  use  a  lot  of  shortcuts  in  mak¬ 
ing  decisions  every  day.  Why  is  the  input  bias 
particularly  dangerous? 

It’s  a  social  bias  that  relies  on  information 
from  people  around  you  and  is  thus  much 
more  dangerous  because  people  can 
manipulate  you.  The  classic  example  is  face 
time.  Someone  puts  in  a  lot  of  time  in  the 
office;  you  assume  they’re  working  hard. 
Or  he  says,  I  had  this  many  people  working 
on  this  project,  or  This  program  I  created 
has  so  many  lines  of  code.  He’s  giving  you 
some  measure  of  the  input  in  a  way  that 

www.cio.com  •  MARCH  1,  2004  CIO  67 


Q&A  with  Maurice  Schweitzer 


Business  Decisions 


might  skew  your  judgment  of  the  outcome. 

The  input  information  they  give  you  may 
be  accurate.  But  of  particular  importance  to 
managers  and  business  decision-makers  is  the 
fact  that  people  can  manipulate  or  misrepre¬ 
sent  input  to  prey  on  this  bias. 

It’s  obvious  that  a  vendor  trying  to  sell  you  a 
software  product  might  take  advantage  of 
the  input  bias.  But  are  employees  really  that 
manipulative,  or  is  it  simply  an  ingrained 
part  of  corporate  culture? 

Sure,  organizational  culture  is  part  of  it.  But 
people  really  are  that  manipulative.  Think 
about  the  concept  of  people  overstating 
expense  reports.  Does  that  really  happen?  Yes. 
And  it’s  even  more  subtle  than  that;  it’s  about 
creating  impressions.  I  have  students  who 
come  up  to  me  and  say  they  spent  five  hours  in 
the  library  working  on  a  project,  or  they  stud¬ 
ied  for  a  week  for  my  exam.  Those  measures 
shouldn’t  matter.  I’m  interested  in  how  well 
you  did  on  the  test,  not  how  many  hours  you 
spent  staring  at  the  book.  But  people  will  con¬ 
vey  that  information  nonetheless.  And  even  if 
you  know  it  doesn’t  matter,  it  still  has  an  influ¬ 
ence  on  your  j  udgment  of  the  outcome. 

What  are  some  instances  in  which  CIOs  would 
likely  rely  on  irrelevant  input  information? 

In  one  of  our  experiments,  we  submitted  two 
presentations  on  emerging  technologies  to  [col¬ 
lege  students].  They  saw  two  videotapes  of 
someone  describing  a  new  technology  they 
knew  nothing  about.  With  each  presentation, 
we  told  half  of  the  group  that  the  presenter  had 
spent  a  long  time  preparing  the  presentation, 
and  the  other  half  that  he  had  spent  a  shorter 
time  preparing.  After  viewing  the  tape,  they 
judged  the  quality  of  the  presentations  along 
several  different  dimensions,  and  with  every 
one,  they  gave  higher  marks  when  we  told  them 
the  presenter  had  put  in  more  time.  What  was 
surprising  was  that  even  when  they  indicated 
that  they  knew  the  preparation  time  didn’t 
really  matter,  they  still  were  influenced  by  it. 

People’s  judgments  often  depend  on  how 
easy  it  is  to  evaluate  something.  If  it’s  easy  to 
measure  the  outcome,  we  may  not  rely  on 
input  measures.  If  someone  is  performing  in 


the  Olympics,  their  time  is  a  clear  measure  of 
how  they  did.  But  in  other  cases,  such  as  judg¬ 
ing  how  innovative  a  pharmaceutical  com¬ 
pany  is,  it’s  harder  to  reach  a  decision.  So  you 
might  rely  on  whatever  objective  measures  are 
available,  such  as  how  many  patents  the  com¬ 
pany  has.  But  in  reality,  that’s  not  a  good  meas¬ 
ure  because  more  patents  are  filed  for  small 
modifications  of  existing  compounds,  and 
there  aren’t  really  that  many  big  blockbuster 
drugs  involved. 


OK,  so  how  are  CIOs  influenced  by  input  bias? 

A  CIO  may  need  to  judge  the  innovativeness 
of  a  technology  company.  They  might  rely  on 
quantitative  input  information  such  as  R&D 
expenditures.  But  that  may  not  be  the  best 
indication  of  innovation. 

In  judging  the  quality  of  a  software  pack¬ 
age,  they  might  look  at  the  number  of  lines  of 
code  in  a  program.  But  that’s  not  really  what 
they  should  care  about — it’s  whether  the  pro¬ 
gram  is  effective.  If  they  could  measure  speed 
at  which  a  program  could  complete  a  task, 


that  would  be  a  better  measure  for  them.  But 
if  they  are  comparing  packages  that  perform 
different  kinds  of  tasks,  that’s  hard  to  do,  so 
they  rely  on  things  they  can  actually  measure. 

Similarly,  when  judging  employee  per¬ 
formance  or  interviewing  job  candidates, 
CIOs  may  rely  on  whatever  objective  meas¬ 
ures  are  available,  relevant  or  not:  how  much 
face  time  employees  put  in,  how  many  hours 
they  spent  on  a  project.  But  that’s  not  really 
what  CIOs  should  care  about. 


Are  you  saying  that  even  when  faced  with  a 
really  rotten  employee  or  a  project  that’s 
tanking,  CIOs  can  be  fooled  into  thinking  the 
outcome  is  better  than  it  actually  is  based  on 
input  like  face  time  or  the  number  of  people 
working  on  a  project? 

No.  If  something  is  really  bad,  input  bias  isn’t 
going  to  work.  In  one  experiment,  we  offered 
people  two  samples  of  iced  tea.  In  one 
instance,  we  asked  people  to  compare  normal 
raspberry  and  lemon  iced  teas.  We  told  them 
one  was  made  with  an  expensive  machine  and 


“I  have  students 
who  come  up 
to  me  and  say 
they  spent  five 
hours  in  the 
library,  or  they 
studied  for  a 
week  for  my 
exam.  Those 
measures 
shouldn’t 
matter.” 

-MAURICE  SCHWEITZER 


68  CIO  MARCH  1,  2004  •  www.cio.com 


HOW  DO  YOU  OFFER 


TO  ROOM  12649  WHEN 
THERE  IS  A  ROOM  12649? 


Nobody  can  please  everybody;  it  takes  a  network  to  do  that.  More  specifically,  a  sophisticated  platform  that  integrates 
advanced  computing  and  networking  technologies  like  voice  and  data  networks  combined  with  high-availability  servers 
from  NEC.  They  empower  massive  hotels  to  track  individual  preferences  while  enabling  a  wide  range  of  guest  services 
and  administrative  functions.  It’s  the  kind  of  innovative  approach  you  can  expect  from  NEC  for  your  business.  And 
it’s  how  we  continue  to  deliver  on  our  promise  of  empowering  people  through  innovation,  www.necus.com  800-338-9549 


IT  SERVICES  AND  SOFTWARE  ENTERPRISE  NETWORKING  AND  COMPUTING  SEMICONDUCTORS  IMAGING  AND  DISPLAYS 


©NEC  Corporation  2003.  NEC  and  the  NEC  logo  are  Registered  Trademarks  of  NEC  Corporation 


Empowered  by  Innovation 


Business  Decisions 


Q&A  with  Maurice  Schweitzer 

one  was  made  with  an  inexpensive  machine. 
We  got  the  same  results  we  did  with  other 
experiments:  Input  bias  mattered,  and  most 
participants  rated  the  tea  made  with  the 
expensive  machine  a  better  tea.  We  conducted 
the  same  experiment  with  the  same  teas,  but 
we  added  lime  juice  and  salt  to  them.  They 
were  really  terrible.  For  the  bad  teas,  they 
didn’t  care  about  the  expense  of  the  equip- 


important.  You  can  stay  on  automatic  pilot 
when  deciding  which  bowl  to  use  for  cereal  or 
what  tie  to  put  on.  When  it’s  something  that’s 
important — when  it’s  a  major  decision — they 
need  to  set  aside  time  to  be  deliberate  and  care¬ 
ful  in  order  to  make  an  unbiased  decision. 

That  really  speaks  to  the  psychology  of  the 
input  bias.  This  is  something  that  is  hardwired 
in  our  cognition  as  human  beings.  We  can  dis- 


ware  package  B.  Both  companies  make  their 
pitches.  The  CIO  can  then  assemble  a  panel 
of  employees  to  test  out  both  software  pack¬ 
ages.  These  individuals  will  not  know  as  much 
about  what  the  inputs  are:  how  many  lines  of 
code  there  are,  how  long  the  software  engi¬ 
neers  worked  on  it,  how  much  money  it  cost 
to  produce.  That  irrelevant  information  is 
stripped  out.  The  CIO  himself  may  have  input 


If  you’re  trying  to  choose  between  two  software  packages,  it  might  make  sense  to 
have  both  tested  by  employees  who  don’t  know  how  long  the  software  took  to  build  or 
how  much  it  cost  to  develop— the  kind  of  input  data  that  could  bias  their  judgment. 


ment  used  to  make  them.  They  were  just  bad. 

People  tend  to  think  more  critically  when 
they  experience  a  low-quality  outcome.  It 
shocks  them  into  being  much  more  careful 
and  calculative.  When  a  CIO  encounters  a  bad 
outcome,  he  will  go  off  automatic  pilot  and 
make  judgments  based  on  quality.  If  you  have 
an  employee  who’s  just  a  disaster — even  if 
there’s  high  input — it’s  not  going  to  help.  If 
there’s  a  software  product  that  keeps  crash¬ 
ing,  you  can’t  sell  it  based  on  input  measures. 

You  say  the  more  accountable  people  are  for 
their  decisions,  the  more  likely  they  are  to 
rely  on  irrelevant  input.  Please  elaborate. 

It  comes  down  to  the  issue  of  justifiability.  If 
you  have  to  justify  your  decisions  to  someone 
else,  tell  someone  why  they  were  passed  up  for 
a  promotion  or  explain  to  your  board  why  it 
should  invest  in  a  certain  system,  you’re  more 
likely  to  rely  on  input  measures  because  they 
give  you  some  justification  for  your  decisions. 

So  what  can  CIOs  themselves  do  to  safe¬ 
guard  their  own  decisions  from  irrelevant 
input  information? 

People  are  most  deliberate  in  decision  making 
when  the  environment  around  them  is  quiet, 
when  they  are  at  rest,  when  they’re  not  under 
time  pressure.  Those  are  situations  a  CIO  is 
rarely  in.  CIOs  are  very  busy,  and  they  are 
likely  to  be  on  automatic  pilot  most  of  the 
time.  They  have  to  be  very  careful  to  identify 
situations  in  which  their  decisions  are  really 


engage  from  it  and  be  very  deliberative  in  our 
decision  making,  but  it’s  hard.  It  doesn’t  come 
naturally.  We’re  all  much  weaker  mentally 
than  we  think. 

Might  CIOs  and  IT  managers  inadvertently 
encourage  the  manipulation  of  the  input 
information? 

Yes.  CIOs  need  to  take  a  look  at  how  their 
incentive  systems  are  set  up.  Law  firms  reward 
people  for  the  number  of  hours  they  bill.  The 
incentive  isn’t  to  be  the  fastest.  IBM  used  to 
reward  people  based  the  on  number  of  lines 
of  code  they  produced  when,  in  fact,  pro¬ 
grammers  actually  might  be  more  efficient  by 
producing  fewer  lines  of  code. 

Instead,  you  need  to  create  an  evaluation 
system  that  measures  what  you  actually  want 
and  reward  employees  based  on  that.  In  the 
case  of  programmers,  you  would  want  to  look 
at  objective  measures  of  their  work  (how  fast 
the  code  performs  a  particular  computation, 
how  often  it  crashes,  how  much  memory  it 
takes)  and  assess  those  criteria.  If  objective 
measures  are  too  difficult  to  construct,  you 
might  have  a  manager  familiar  with  the  pro¬ 
gram  judge  the  outcome.  Or,  if  the  program¬ 
mers’  project  is  complete,  you  could  go 
“downstream” — to  look  at  customer  satis¬ 
faction  or  adoption. 

What  can  CIOs  do  to  correct  the  input  bias? 

Suppose  someone  is  trying  to  sell  you  soft¬ 
ware.  You  have  software  package  A  and  soft- 


information,  and  some  of  it  may  be  relevant. 
But  the  review  process  helps  to  mitigate  the 
overreliance  on  input. 

Or  suppose  you  have  someone  coming  up 
for  a  promotion.  You’d  like  to  have  a  diverse 
panel  of  people  who  can  judge  the  quality  of 
his  work.  These  people  might  be  more  likely  to 
evaluate  the  person’s  accomplishments  with¬ 
out  information  such  as  how  much  time  he 
spends  in  the  office  or  how  hard  he  appears  to 
work.  Again,  in  some  cases,  you  may  want 
someone  who  works  very  hard,  even  if  they’re 
not  having  any  success  yet.  CIOs  just  need  to 
make  an  effort  so  that  they  don’t  put  an  inor¬ 
dinate  amount  of  weight  on  input  measures 
that  may  not  matter. 

When  it  comes  to  justifying  decisions,  what 
can  CIOs  rely  on  rather  than  input  measures? 

When  they  implement  these  kinds  of 
processes,  they  can  truly  focus  on  the  merits 
of  a  piece  of  software.  The  advantage  of  using 
a  panel  of  employees  to  review  different  prod¬ 
ucts  is  that  once  the  employee  panel  makes  a 
unanimous  recommendation  for  product  B, 
CIOs  can  use  that  conclusion  as  their  justifi¬ 
cation.  What’s  important  is  often  the  speed  at 
which  your  algorithm  solves  a  problem,  or 
how  the  end  user  rates  the  product  in  terms  of 
its  interface.  Those  are  the  measures  CIOs 
want  to  look  at.  HE] 


Senior  Writer  Stephanie  Overby  can  be  reached  via 
e-mail  at  soverby@cio.com. 


70  CIO  MARCH  1,  2004  •  www.cio.com 


_^NOW 
SHOWING 

WITH — f 
DLTSAGE 


't  •’  "f  I  h  i  r  rr 

rir  tijM  I  aAn  A  cAn 


ii  VAV'Vvli^ 

ilf 

1 

hmmouhcihs  he  viohlo 


*  '  *  _  c  -r u c  SOLT  6001 

RENUERE  of  the  Sul 


NO  PURCHASE  NF.CESSARY.  Go  to  OLTtape.com  tor  official  rules.  Sweepstakes  ends  3/31/04  Open  to  residents  ol  the  United  States  and  Canada  who  arc  18  or  older  and  employed  as  an  IS/IT  professional.  Void  in  Quebec 
©  2004  QuaWm  Corporation..  All  rights  reserved  OPTIONS  ARE  A  BEAUTIFUL  THING,  DLTtape  and  DLTSage  are  trademarks  and  the  DLTtape  logo  is  a  registered  trademark  of  "Quantum  Corporation.  ‘Based  on  2:1  compression 


Staffing 


HOWTO 


Reader  ROI 

►  How  to  assess  a  candidate’s 
answers  to  your  interview 
questions 

►  Ways  to  determine  who’s 
got  the  right  attitude  for 
your  organization 

►  Howto  get  useful  information 
from  your  candidates 


Hiringthe  right  people  for  your  IT  organization  is 
not  an  easy  job,  nor  an  exact  science.  We’ll  show 
you  how  to  identify  the  candidates  with  the  right 

attitude.  BY  MERIDUH  LEVINSON 


After  three  weeks  of  rigorously  screening  candidates,  Sandy  Hofmann,  CIO  and 

chief  people  officer  at  Mapics,  hired  Chris  White  (not  her  real  name)  for  an  IT  management  position 
at  the  manufacturing  software  vendor.  White  was  responsible  for  leading  a  team  of  six  individuals 
and  for  overseeing  one  of  the  company’s  technology  functions.  Hofmann  was  convinced  White  was 
the  right  person  for  the  job.  After  all,  she  had  worked  in  environments  similar  to  the  one  at  Mapics 
and  had  solved  technical  problems  similar  to  the  ones  the  vendor  was  facing.  White  also  had  good 
references,  who  assured  Hofmann  that  White  was  assertive,  positive  and  capable.  She  made  a  good 
impression  on  each  of  the  Mapics  employees  who  interviewed  her,  and  she  got  HR’s  seal  of  approval. 

But  it  wasn’t  long  after  White  was  hired  that  Hofmann  began  to  realize  she  had  made  the  wrong 
choice.  White  didn’t  stand  up  for  her  subordinates.  Instead,  she  blamed  her  own  failures  on  her  direct 
reports.  She  was  condescending  toward  older  workers.  And  she  didn’t  make  her  direct  reports  feel  wel¬ 
come  or  comfortable  when  they  came  to  her  for  direction.  “We  have  very  high  expectations  of  our  man¬ 
agers,”  says  Hofmann.  “If  a  manager  can’t  care  for  the  people  in  their  charter,  it  puts  the  company’s 
ability  to  be  successful  at  risk.  ”  Three  months  after  White  came  on  board,  Mapics  showed  her  the  door, 
and  Hofmann  had  to  commence  the  costly  and  time-consuming  hiring  process  all  over  again. 

In  spite  of  their  apparent  due  diligence,  many  CIOs  still  miss  the  mark  when  trying  to  find  the 
right  person  for  a  job.  Oh  sure,  they  know  the  qualities  that  a  new  hire  should  possess: 


72  CIO  MARCH  1,  2004 


PHOTO  BY  STAN  KAADY 


SO  YOU  DON’T  HAVE  TO 


A 

* 


SANDY  HOFMANN,  CIO  and  chief 
people  officer  at  Mapics,  often  finds 
the  right— and  completely  wrong- 
candidates  for  a  job  by  asking  them 
what  they  would  do  if  she  gave  them 
an  elephant. 


Staffing 


They  want  someone  who’s  passionate  about 
her  work,  eager  to  learn,  open  to  new  experi¬ 
ences  and  plays  well  in  the  corporate  sand¬ 
box.  Those  are  all  traits  that  indicate  a  good 
attitude.  Hiring  is  such  a  crapshoot  because 
CIOs  don’t  know  how  to  determine  whether 
the  suit  sitting  in  their  office  really  possesses 
the  characteristics  they’re  seeking  and  is  all 
that  she  claims  to  be.  Further  complicating 
the  process  is  that  prospective  employees  are 
always  on  their  best  behavior,  and  CIOs  can 
no  longer  rely  on  references  to  vet  candidates, 
since  legal  departments  are  increasingly  advis¬ 
ing  companies  not  to  provide  references  for 
liability  reasons. 

Indeed,  Peter  Cappelli,  a  professor  of  man¬ 


agement  at  the  Wharton  School  of  the  Univer¬ 
sity  of  Pennsylvania,  says  that  most  companies 
are  so  bad  at  finding  the  right  person  for  a  job 
that  they  have  no  idea  whether  their  hiring 
process  is  effective.  But,  he  adds,  “you  don’t 
have  to  do  much  to  make  huge  improve¬ 
ments.”  That’s  good  news  for  CIOs,  who’ve 
been  more  occupied  during  the  past  three  years 
with  layoffs  than  with  recruiting.  As  the  econ¬ 
omy  rebounds,  they  will  have  to  start  polishing 
their  rusty  interviewing  skills  and  become  mas¬ 
ters  of  evaluating  candidates’  dispositions  and 
suitability  for  a  position.  To  help  you  in  this 
endeavor,  we  have  compiled  three  methods  for 
assessing  a  person’s  attitude  and  making  sure 
you  get  the  right  person  for  the  job. 


ALL  THE  RIGHT  QUESTIONS 

oo  often  hiring  managers  focus  on  a 
candidate’s  skills  and  qualifications 
rather  than  on  who  he  is  or  his  per¬ 
sonality,  says  Dick  Grote,  president  of  Grote 
Consulting,  which  specializes  in  performance 
management.  “The  focus  of  our  selection  is 
on  whether  an  individual  can  or  can’t  do  a  job. 
We  ask,  ‘Where  did  you  go  to  college?  How 
much  experience  have  you  had?”’ 

That  is  not  to  say  that  CIOs  shouldn’t  test 
a  candidate’s  knowledge  or  ask  about  his  pro¬ 
fessional  experience.  But  they  should  stock 
their  interviewing  arsenals  with  the  types  of 
questions  that  will  help  them  identify  if  some¬ 
one’s  personality  and  attitude  is  right  for  the 


I  Can’t  Believe  He  Said  That! 

Outrageous  responses  to  CIOs’  interview  questions 


QUESTION 

ANSWER 

ANALYSIS 

BETTER  ANSWER 

Do  you  have  any 
questions  about 
the  job? 


What  are  you  looking 
for  in  a  job? 

From  Sandy  Hofmann,  CIO  and 
chief  people  officer  of  Mapics 

Where  do  you  want  to 
go  in  your  career? 


Why  do  you  want  to  leave 
your  current  job? 

From  Christopher  Hjelm, 

CTO  of  Orbitz 

How  would  you  tell  a  senior 
vice  president  that  your 
project  is  multimillions  over 
budget  and  doesn’t  work? 

From  Tracy  Austin,  CIO  of 
Mandalay  Resort  Group 


Can  I  get  an  advance 
on  my  first  paycheck? 


A  nice  quiet  place  to  work 
where  no  one  bothers  me. 


I  really  want  to  be  the  head 
of  a  bigger  organization. 


I've  done  as  much  as  I  can 
do  there,  and  I’m  looking  for 
the  next  opportunity. 


I’d  let  you  do  it. 


This  person  is  not  looking  to 
contribute  to  the  company 
but  is  looking  for  us  to  con¬ 
tribute  to  her. 

Then  why  are  you  applying 
fora  job  in  IT? 


If  I  hired  this  person,  they'd 
be  more  concerned  with 
getting  to  the  next  level 
than  with  their  current  job. 

This  is  B.S. 


Next! 


Why  did  the  last  person  who 
was  in  the  position  leave? 


An  opportunity  to  exercise  the  skills 
I’ve  gleaned  over  the  years  whiie 
also  tackling  new  challenges. 


I  want  to  work  for  a  company  where 
I  can  roll  up  my  sleeves  and  have  a 
real  impact  on  the  company’s  prod¬ 
uct  and  brand. 

Anything  that  smacks  of  the  truth, 
even  if  it  is,  “I  couldn’t  stand  my 
old  boss.” 


I’d  give  it  to  him  straight.  And 
I’d  assure  him  that  my  staff  and 
I  would  audit  the  project  to  find 
out  what  went  wrong  so  that  we 
could  prevent  it  from  happening 
in  the  future. 


7  4 


CIO  MARCH  1,  2004 


www.cio.com 


MIDDLEWARE  IS  IBM  SOFTWARE.  Powerful  software 
including  DB2,®  Lotus?  Rational? Tivoli®  and  WebSphere®  that 
develops,  integrates  and  manages  your  applications  and 
systems.  Everything  is  efficient  and  seamless.  Across  the 
board.  Across  platforms.  Microsoft®  Oracle.  Sun.  You  name  it. 
IBM’s  flexible  open  middleware  can  connect  it  all.  It’s  instant 
business  benefit.  Instant  customer  satisfaction.  On  demand, 
(©business  on  demancTat  ibm.com/software/integrate 


1.  Instantly  admitting  patient. 

2.  Immediately  processing  claim. 

3.  Automatically  approving  procedure. 

4.  Constantly  tracking  treatment. 

5.  Directly  assessing  costs. 


Middleware 


IBM,  DB2.  Lotus,  Tivoli.  WebSphere,  the  e-business  logo  and  e-business  on  demand  are  registered  trademarks  or  trademarks  of  International  Business 
Machines  Corporation  in  the  United  States  and/or  other  countries.  Rational  is  a  trademark  of  International  Business  Machines  Corporation  and  Rational 
Software  Corporation  in  the  United  States,  other  countries  or  both.  Microsoft  is  a  registered  trademark  of  Microsoft  Corporation  in  the  United  States  and/or 
other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2003  IBM  Corporation.  All  rights  reserved. 


Middleware  is  Everywhere. 

Can  you  see  it? 

-.  ' '  ' 

Staffing 


position  they’re  looking  to  fill.  (Learn  how  to 
assess  personality  based  on  sample  answers 
in  “I  Can’t  Believe  He  Said  That!”  Page  74.) 

Bear  in  mind  that  these  questions  aren’t  nec¬ 
essarily  traditional.  For  example,  Mapics’  Hof¬ 
mann  asks,  What  would  you  do  if  I  gave  you 
an  elephant?  (Interestingly,  howevei;  she  did  not 
ask  Chris  White  that  question.)  One  candidate 
interviewing  for  a  customer  support  position 
said  he’d  slaughter  the  elephant  and  eat  it.  This 
response  suggested  to  Hofmann  that  the  candi¬ 
date  lacked  the  warmth  necessary  for  helping 
customers.  Another  candidate  said  she’d  learn 
how  to  care  for  the  animal  and  provide  it  with 
food  and  water  until  she  could  find  it  a  suitable 
home.  This  response,  indicative  of  the  candi¬ 


date’s  empathy,  told  Hofmann  that  she’d  found 
her  customer  support  specialist. 

Brian  Kautz,  CIO  of  Arnold  Logistics,  typ¬ 
ically  asks  candidates  to  describe  their  dream 
job.  “The  answer  gives  you  insight  into  the 
person  and  the  types  of  things  they  like,”  he 
says,  adding  that  CIOs  should  be  wary  of  can¬ 
didates  who  start  describing  the  job  for  which 
they’re  applying.  This  can  suggest  that  they’re 
disingenuous,  focusing  on  their  own  agenda 
instead  of  on  what’s  being  asked  of  them. 

John  Sullivan,  a  management  professor  at 
San  Francisco  State  University,  says  you  can 
use  a  person’s  answer  to  the  dream-job  ques¬ 
tion  to  determine  whether  the  characteristics 
they’re  looking  for  match  the  job  you’re  offer¬ 


ing.  If  there’s  a  match,  you  may  have  a  winner. 
If  not,  you  will  probably  want  to  move  on  to 
the  next  candidate.  For  example,  if  your  cor¬ 
porate  environment  is  cutthroat  and  internally 
competitive,  and  you  have  a  candidate  who 
describes  his  dream  job  as  one  that  challenges 
his  intellect,  rewards  his  contributions  and  his 
colleagues  subordinate  their  personal  agen¬ 
das  for  the  benefit  of  the  company,  he’s  prob¬ 
ably  going  to  be  unhappy  working  for  you. 

In  addition,  when  you  ask  about  skills  and 
experience,  make  those  questions  as  pointed  as 
possible.  Frequently  CIOs  ask  unspecific,  unin¬ 
spired  questions  that  they’ve  been  asked  in  the 
past,  like,  Tell  me  about  a  project  you  worked 
on.  What  went  well?  What  didn’t?  What  do 
you  expect  from  your  manager,  and  what 
should  your  manager  expect  from  you?  These 
questions  elicit  canned  answers,  and  interview¬ 
ees  often  respond  by  telling  you  what  they  think 
you  want  to  hear,  thereby  not  revealing  their 
true  personality. 

Instead,  ask  questions  specific  to  the  role 
they’ll  be  playing  in  the  organization.  When 
hiring  for  a  leadership  position,  ask  candidates 
if  they’ve  ever  fired  anyone,  says  Mark  Zim¬ 
merman,  vice  president  of  IT  at  Gevity  HR.  If 
a  candidate  has  been  in  that  situation,  ask  why 
and  how  she  handled  it.  If,  for  example,  the 
candidate  says  that  she  first  sought  HR’s 
advice  to  ensure  she  wasn’t  violating  any  poli¬ 
cies  or  making  herself  vulnerable  to  a  lawsuit 
before  telling  the  employee  in  the  privacy  of 
her  office  that  the  person’s  performance  was 
negatively  affecting  team  morale  and  that  the 
employee  would  need  to  move  on,  then  you 
know  the  person  is  capable  of  handling  sticky 
situations  in  a  methodical,  professional  man¬ 
ner.  On  the  other  hand,  if  the  candidate 
answers  that  he’d  simply  tell  the  employee  that 
she’s  unsuitable  for  the  position  and  hand  her 
a  pink  slip  without  ever  having  reviewed  the 
performance,  the  individual’s  response  indi- 


BRIAN  KAUTZ,  CIO  of  Arnold  Logistics, 
uses  a  personality  assessment  test  called 
the  Predictive  Index  to  create  job  ads  that 
state  the  types  of  characteristics  needed 
for  a  position. 


PHOTO  BY  BILL  CRAMER 


Middleware  is  Everywhere 


MIDDLEWARE  IS  IBM  SOFTWARE.  Powerful  software  like 
IBM  WebSphere®  Using  an  open  and  scalable  foundation 
WebSphere  software  lets  you  swiftly  respond  to  change.  On 
demand.  Applications  are  easily  updated,  tested  and  deployed 
Lead  time  is  shortened.  And  everything  clicks,  regardless  of 
platform.  WebSphere  delivers  it  all.  On  the  money.  On  demand 
(©business  on  demand  “at  ibm.com/websphere/rniddleware 


1.  New  design  already  tested. 

2.  Suppliers  already  linked. 

3.  Procurement  already  automated 

4.  Blueprints  already  updated. 

5.  Engine  all  ready  for  takeoff. 


WebSphere 


^ 

’73b*  *  1 

gin 

i  II' m  tfiSEfL *  ^B 

.».g'  - 

*  r,|/  Aft  .^K| 

j  5  | 

*u 

4  B 

Staffing 


cates  a  lack  of  sensitivity  and  experience. 

When  hiring  for  a  project  manager  posi¬ 
tion,  Tracy  Austin,  CIO  of  Mandalay  Resort 
Group,  suggests  asking  candidates  how  they 
would  tell  a  senior  vice  president  that  a  critical 
IT  project  is  multimillions  over  budget  and 
doesn’t  work.  Austin  says  a  prospective 
employee  once  answered  that  question  by  say¬ 
ing,  “I’d  have  you  do  it.”  Austin  instantly 
knew  this  person  didn’t  have  the  nerve 
required  for  the  job.  A  better  response  would 
have  been  to  be  frank  about  the  problems, 
identify  what  went  wrong  and  come  up  with 
a  solution  for  either  getting  the  project  back 
on  track  or  for  preventing  the  company  from 
losing  any  more  money  on  the  project. 


TRY  BEHAVIORAL  ASSESSMENTS 


While  judging  personality  may  well 
be  the  most  critical  component  in 
determining  whether  someone  is 
right  for  a  job  and  for  your  IT  organization, 
it’s  also  the  most  elusive  factor  to  identify. 
Some  CIOs,  like  Arnold  Logistics’  Kautz,  use 
behavioral  or  personality  assessment  tools  to 
measure  a  person’s  fit  for  a  job.  Kautz  has  had 
success  with  a  Web-based  tool  called  the 
Predictive  Index  (PI),  having  hired  six  people 
with  the  tool  since  2001,  all  of  whom  still 
work  for  him.  Other  personality  assessments 
are  The  Big  Five,  which  measures  five  facets 
of  personality  (conscientiousness,  neuroti- 
cism,  agreeableness,  openness,  and  introver¬ 
sion  or  extroversion),  and  the  Minnesota 
Multiphasic  Personality  Inventory,  a  more 
controversial  test  used  to  diagnose  and  treat 
personality  disorders,  and  administered  most 
often  for  lower-level  employees. 

Developed  in  the  1950s,  the  PI  provides 
information  about  the  working  conditions 
that  are  most  rewarding  to  an  individual 
and  that  make  the  employee  the  most 
motivated  and  productive  (see  the  test  at 
www.piworldwide.com).  When  administered 
on  a  computer,  the  PI  consists  of  two  separate 
screens.  The  first  lists  86  adjectives,  including 
sophisticated,  earnest,  self-starter,  loyal,  pas¬ 
sive,  persuasive,  obstinate  and  charitable.  The 
individual  taking  the  PI  is  asked  to  select  as 
many  adjectives  from  the  list  that  describe  the 


TRACY  AUSTIN,  CIO  of  Mandalay  Resort  Group,  suggests  trying  to  hire  people  you  know.  She 
did  that  recently  for  a  director  position,  bringing  in  someone  she  had  worked  with  previously 
in  a  consulting  relationship. 


way  he  thinks  others  expect  him  to  act.  The 
second  screen  contains  the  same  adjectives  and 
asks  the  person  to  check  off  those  that  he  thinks 
describes  himself.  The  PI  measures  a  person’s 
optimum  working  conditions  by  comparing 
what  he  checks  off  on  the  first  screen  with  what 
he  checks  off  on  the  second  screen. 

Kautz  admits  to  being  a  skeptic  when  his 
company  first  used  the  Predictive  Index.  He 
begrudgingly  began  administering  it  simply 
because  it  was  a  corporate  initiative.  He 
thought  it  would  create  a  homogeneous 
organization  of  drones  who  never  disagreed 
with  one  another.  The  fact  was,  Kautz  didn’t 
understand  the  purpose  of  the  PI,  which  is 
predicated  on  the  notion  that  organizations 
need  to  be  diverse  because  different  positions 


require  different  personalities  and  behaviors. 

As  he  learned  to  use  the  test  to  his  advan¬ 
tage,  however,  his  skepticism  waned.  He 
found  he  was  able  to  improve  the  quality  of 
his  hires  while  spending  less  time  interview¬ 
ing.  Before  he  started  using  the  PI,  his  hiring 
decisions  rested  solely  on  a  candidate’s  skills 
and  experience.  Because  the  PI  makes  behav¬ 
iors  measurable,  he  now  has  a  sound  way  to 
compare  the  required  behaviors  with  a  poten¬ 
tial  employee’s  actual  behaviors. 

Kautz  uses  the  PI  to  create  job  ads  that  state 
the  type  of  person  and  characteristics  that  are 
needed  for  a  position.  He  gives  people  in  the 
position  for  which  he’s  hiring  and  others  who 
interface  with  that  position  a  form  called  a 
PRO  (Performance  Requirement  Options), 


78  CIO  MARCH  1,  2004  •  www. cio.com 


PHOTO  BY  DANNY  TURNER 


Can  your  network  turn 
business  as  we  kpow  it  into 
business  as  we  want  it? 


rrr 


IT  CAN  IF  IT’S  DESIGNED  BY  THE  WORLD’S  NETWORKING  COMPANY.  Now  that  everything  is  on  it,  your 
network  is  more  important  than  ever.  So,  can  your  network  handle  the  demands  of  a  transformed, 
interconnected  and  very  demanding  new  world?  Is  it  wired  and  wireless  and  virtual  and  constantly 
available  to  authorized  personnel  and  nobody  else?  Is  it  in  lockstep  with  your  partners  and  three  steps 
ahead  of  your  customers?  At  AT&T,  we  don’t  just  carry  more  Internet  traffic  than  anyone  in  North 
America,  we’re  also  committed  to  building  simpler,  stronger  and  smarter  networking  environments. 
And  it’s  why  we're  partnering  with  other  key  technology  companies  to  help  make  it  happen.  Can 
your  network  overpower  every  obstacle  in  its  way  and  actually  do  all  the  things  it  was  designed  to 
do  in  the  first  place?  We’d  like  to  introduce  you  to  one  that  can.  Just  call  1-888-889-0234. 


AT&T 

The  world's  networking  company™ 


att.com/networking  ©2004  AT&T 


Staffing 


which  includes  an  extensive  list  of  activities 
such  as  sitting  in  front  of  a  computer  for  most 
of  the  day  and  delegating  authority  to  subor¬ 
dinates.  He  asks  them  to  choose  the  most  fre¬ 
quently  performed  activities.  The  PI  translates 
those  activities  into  behaviors  and  charts  them. 
For  example,  if  co  workers  check  off  delegating 
authority,  talking  persuasively  and  selling 
ideas,  those  activities  indicate  that  the  job 
requires  someone  who’s  extroverted  and  pos¬ 
sesses  an  intuitive  sense  of  other’s  feelings. 
Kautz  can  then  write  in  his  ad  that  he’s  looking 
for  extroverted,  intuitive  people. 

He  also  uses  the  PI  to  screen  candidates.  For 
a  systems  analyst  position  that  he  needed  to 
fill,  he  wrote  a  job  description  based  on  data 
he  obtained  from  the  PRO  that  noted,  among 
other  things,  that  the  person  applying  had  to  be 
capable  of  multitasking  and  working  in  a  fast- 
paced  environment.  After  screening  resumes 
and  determining  which  applicants  had  the 
skills,  he  e-mailed  them  a  link  to  the  PI.  When 
he  received  their  results,  Kautz  matched  them 
to  the  PRO.  Kautz  interviewed  those  candi¬ 
dates  whose  PI  results  most  closely  matched 
the  PRO,  and  he  hired  the  person  who  most 
closely  matched  what  he  was  seeking. 

The  PI  also  helps  him  identify  smooth  talk¬ 
ers  and  those  who  respond  to  questions  with 
answers  they  think  will  net  them  the  job.  One 
time  when  Kautz  was  hiring  for  a  leadership 
position  that  required  a  lot  of  interpersonal 
work  and  direct  management  of  small  teams, 
he  interviewed  a  candidate  who  looked  great 
on  paper  and  made  a  good  impression  during 
the  interview.  He  answered  questions  about 
leading  teams  well.  Meanwhile,  however,  his 
PI  results  indicated  that  he  was  passive  and 
therefore  might  not  possess  the  necessary 
characteristics.  So  Kautz  probed  deeper  and 
asked  the  candidate  how  he  would  deal  with 
confrontation  and  having  to  fire  someone. 
After  a  few  of  these  questions,  the  candidate 
realized  he  wasn’t  right  for  the  job.  Kautz  then 
discussed  with  the  candidate  other  positions 
more  in  line  with  the  his  personality. 

Finally,  the  PI  helps  Kautz  speed  the  inter¬ 
viewing  process.  Before  he  started  using  the 
PI,  he  says,  he  interviewed  more  candidates 
and  had  to  ask  more  to  return  for  second  inter- 


Determining 
Fit  Through 
Specific 
Questions 

IF  THE  IDEA  of  psychological  or  behav¬ 
ioral  assessments  makes  you  nervous, 
there  are  other  ways  to  evaluate  a  per¬ 
son’s  fit  without  the  formality  of  a  psy¬ 
chological  test.  San  Francisco  State 
University’s  management  professor 
John  Sullivan  suggests  that  CIOs  give 
candidates  a  sheet  of  paper  with  a  list 
of  100  cultural  variables  or  conditions 
such  as  fast-paced,  collaborative, 
independent  and  competitive,  and  ask 
them  to  pick  the  top  five  conditions 
under  which  they  work  best  and  to 
rate  them  in  order  of  importance.  This 
type  of  quiz  tells  you  essentially  the 
same  information  as  the  Predictive 
Index  tool,  but  it  is  less  formal  and 
intimidating.  -M.L. 

views.  He  says  the  PI  gives  him  the  confidence 
to  know  when  the  right  person  is  under  his 
nose  and  which  applicants  not  to  bring  in.  (For 
another  way  to  assess  fit,  see  “Determining  Fit 
Through  Specific  Questions,”  this  page.) 

RECRUIT  THE  ATTITUDE 
ALL-STARS 

f  you  want  the  Tom  Brady  of  IT  manage¬ 
ment  working  for  you,  then  you  and  your 
best  players  have  to  court  him.  This  prac¬ 
tice  is  called  relationship  recruiting. 

Mandalay  Resort’s  Austin  hired  a  director 
she  knew  from  a  consulting  company  she  had 
worked  with  while  at  Harrah’s  Entertainment 
and  who  continued  to  do  work  for  her  once 
she  joined  Mandalay.  When  Austin  had  an 
opening  for  a  director,  she  contacted  this  per¬ 
son  to  tell  him  about  the  job.  Because  she  had 
previously  worked  with  him,  she  knew  he  had 
the  right  attitude  for  the  job.  He  was  an  appli¬ 
cation  architecture  and  development  whiz;  he 
had  the  desire  and  ability  to  teach  others;  he 
empathized  with  business  users;  and  he  was 


committed  to  learning  and  leading  change. 

When  she  learned  this  person  was  inter¬ 
ested,  Austin  approached  the  principal  of  the 
consultancy  and  told  him.  Austin  wound  up 
with  a  top-notch  director  and  hired  a  known 
quantity.  And  she  maintained  her  relationship 
with  this  company  because  she  conducted  her¬ 
self  in  a  forthright  manner.  “By  pre-identifying 
potential  employees  over  a  period  of  time,  you 
don’t  make  hiring  errors,”  agrees  Sullivan. 

In  addition,  relationship  recruiting  can  help 
CIOs  get  around  the  problems  associated  with 
being  unable  to  get  objective  references.  When 
Gevity  HR’s  Zimmerman  is  looking  to  hire, 
say,  an  Oracle  database  administrator  or  a  busi¬ 
ness  analyst,  and  a  candidate’s  resume  indicates 
he  has  worked  in  Oracle  shops,  he  and  his  staff 
will  call  the  executives  they  know  at  Oracle  as 
part  of  the  reference-checking  process  to  see  if 
their  contacts  know  the  candidate.  Zimmer¬ 
man  says  that  leveraging  his  contacts  in  the  IT 
industry  is  a  dependable  way  to  get  “good 
back-door  information.”  (For  more  informa¬ 
tion,  see  “Mastering  the  Art  of  Relationship 
Recruiting”  at  www.cio.com/printlinks.) 

WINNING  THE  GAME 

iring  is  one  of  the  most  important 
aspects  of  a  CIO’s  job.  The  value  a 
CIO  and  IT  bring  to  a  company’s  bot¬ 
tom  line  is  directly  related  to  the  quality  of  the 
individuals  supporting  the  CIO  and  their 
chemistry.  Taking  the  time  to  recruit  the  right 
people  with  the  right  skills  and  attitudes  will 
vastly  improve  your  hiring  odds.  Says  Hof¬ 
mann,  “We’re  all  going  to  be  working 
together,  so  it’s  important  that  we  have  a  very 
synergistic  team.”  BE] 


Share  your  tips  for  hiring  the  right  people  with  Senior 
Writer  Meridith  Levinson  at  mlevinson@cio.com. 


Learn  More  About  Interview  Techniques 


One  way  to  find  the  right  people  is  to  ask  riddles 
and  logic  puzzles  that  will  demonstrate  an 
appetite  for  solving  difficult  problems.  Author 
John  Kador  shares  some  samples  (with 
answers)  in  "Close  Encounters  with  the  Brain- 
teaser  Job  Interview,"  which  originally  ran  on 
our  sister  site,  www.darwinmag.com.  Find  the 
link  at  www.cio.com/printlinks. 

cio.com 


80  CIO  MARCH  1,  2004  •  www.cio.com 


EMC  INFORMATION  LIFECYCLE  MANAGEMENT  STRATEGIES: 


OPERATIONAL  EFFICIENCY  Advertising  Supplement 


INFORMATION 
LIFECYCLE 
MANAGEMENT  IS: 

a  strategy  that  uses 
people,  processes  and 
technology  to  store  and 
tap  critical  business 
data  throughout  its 
lifespan  of  value. 


IN  THIS  EDITION: 

See  how  companies  are 
turning  their  new  regu¬ 
latory  challenges  into 
business  opportunities 
by  leveraging  the  bene¬ 
fits  of  Information 
Lifecycle  Management. 


Information  Lifecycle  Management: 
The  Smart  Way  to  Save  Money 


CERTAINLY,  SMART  COMPANIES 

recognize  that  information  is  the  linch¬ 
pin  of  their  success.  In  most  organiza¬ 
tions,  corporate  information  is  their 
most  valuable  asset,  the  key  ingredient 
with  which  innovative  new  business 
models  are  built. 

“The  ability  to  use  and  leverage 
information  as  a  company  to  drive 
additional  business  is  critical,”  says 
Mark  Lewis,  chief  technology  officer 
at  EMC  in  Hopkinton,  Mass.  “For 
many  companies,  smart  use  of  infor¬ 
mation  has  truly  become  a  differen¬ 
tiator,  particularly  as  technology  pro¬ 
vides  companywide  access.” 

But  if  innovative  information  man¬ 
agement  is  the  ultimate  goal,  then  the 
immovable  object  squarely  in  its  path 


is  the  reality  of  today’s  lean  IT  budgets. 
Technology  is  the  vital  framework  on 
which  companies  rely  to  help  business 
information  flow  freely,  but  many 
worthy  efforts  have  been  hamstrung 
by  the  flat  or  declining  budgets  of  the 
past  several  years. 

Yet  limited  resources  are  no 
excuse  for  limited  action,  says  Chuck 
Hollis,  vice  president  of  platforms 
marketing  at  EMC.  “More  and  more 
companies  are  realizing  that  informa¬ 
tion  is  money,  and  they  have  to  do  a 
better  job  of  managing  their  money,” 
he  says.  “But  all  this  is  happening  as 
IT  budgets  are  flat  and  labor  costs 
are  growing.” 

Spurred  by  boardroom-level  con¬ 
cerns  about  the  escalating  costs  of 


EMC  INFORMATION  LIFECYCLE  MANAGEMENT  STRATEGIES: 


Advertising  Supplement 


OPERATIONAL 

EFFICIENCY 


“Our 

business  was 
able  to  cut 
support 
staffing  by  30 
percent,  yet 
increase  its 
throughput 
by  20 
percent. 
[ILM]  had  a 
significant 
bottom  line 
impact  and  a 
net  delta  of 
somewhere 
around 
10  percent 
in  our 

profitability, 
directly 
attributable 
to  this 
planned 
technology.” 

—Bob  Terdeman, 
Rogers  Medical 
Intelligence 


technology,  IT  executives  have  embarked 
on  a  constant  search  to  make  their  infra¬ 
structure  as  streamlined  and  cost-efficient 
as  possible. 

Many  have  already  implemented  meas¬ 
ures  that  address  cost-cutting  on  a  piece¬ 
meal  basis — server  consolidation  or  out¬ 
sourcing,  for  example — but  also  need 
a  method  of  reducing  infrastructure 
and  information  management  costs 
enterprise-wide.  One  intriguing  answer: 
Information  Lifecycle  Management  (ILM), 
which  offers  an  opportunity  to  streamline 
infrastructure  costs  across  the  board  by 
tying  the  business  value  of  information  to 
the  cost  of  managing  it. 

“If  you  think  of  information  bits  as 
assets,  Information  Lifecycle  Management  is 
the  alignment  between  the  value  of  informa¬ 
tion  and  how  much  a  company  is  spending 
to  make  it  available  to  people,”  says  Hollis. 

Information  Lifecycle  Management  can 
help  streamline  operational  costs.  New 
York’s  Rogers  Medical  Intelligence 
Solutions  has  recognized  significant  cost 
savings  through  Information  Lifecycle 
Management,  according  to  Robert 
Terdeman,  the  company’s  vice  president 
and  chief  information  architect.  “One  of 
the  key  results  is  that  our  business  was  able 
to  cut  support  staffing  by  30  percent  yet 
increase  its  throughput  by  20  percent,” 
says  Terdeman.  “It  had  a  significant  bot¬ 
tom  line  impact  and  a  net  delta  of  some¬ 
where  around  10  percent  in  our  prof¬ 
itability,  directly  attributable  to  this 
planned  technology.” 


TECHNOLOGY  OPERATIONAL 
EFFICIENCY:  BUSINESS  DRIVERS 

Much  has  changed  over  the  past  several 
years  for  companies  that  rely  on  online 
information  for  strategic  value.  Consider: 

Budget  Constraints.  While  CIO  maga¬ 
zine’s  latest  quarterly  Tech  Poll  forecasts  a 
modest  increase  in  IT  budgets  for  2004, 
caution  is  still  the  watchword.  Nearly  one- 
third  of  survey  respondents  say  that  ongo¬ 
ing  financial  constraints  affect  IT  spending, 
while  nearly  60  percent  say  that  spending 


OPERATIONAL  EFFICIENCY: 
BUSINESS  DRIVERS 


•  Budget  Constraints 

•  Explosive  Information  Growth 

•  Manual  Processes 

•  Fragmented  Management  Strategies 

•  Regulatory  Compliance  Issues 


on  computer  hardware  will  remain  flat  or 
decrease. 

Explosive  Information  Growth. 
Companies  are  squirreling  away  unprece¬ 
dented  quantities  of  data  in  many  forms — 
the  structured  information  that  lies  in  data¬ 
bases  as  well  as  the  unstructured,  file-based 
information  that  lies  in  Word  and  Excel 
documents  across  a  network. 

“Information  is  growing  at  a  ridiculous 
rate,”  says  Steve  Kenniston,  a  technology 
analyst  at  Enterprise  Storage  Group,  a 
research  company  based  in  Milford,  Mass. 
“Where  there  used  to  be  one  storage 
administrator  for  one  terabyte  of  data,  now 
they  need  one  administrator  to  manage  six 
terabytes,  and  soon  it’ll  be  one  for  every  14 
terabytes.  For  that  to  happen,  companies 
need  to  make  information  management 
more  efficient.  ” 

Manual  Processes.  “Categorizing, 
moving  and  disposition  of  data  is  still  a 
very  manual  process  at  most  companies,” 
says  Hollis.  “Tools  are  few  and  frag¬ 
mented,  and  a  far  cry  from  the  automat¬ 
ed  determination  of  policy.”  Worse,  man¬ 
ual  information  management  consumes 
staff  time — and  as  Hollis  points  out, 
“Labor  is  the  most  expensive  component 
of  IT  today.  “ 

Fragmented  Management  Strategies. 
Gaining  a  bird’s-eye  view  of  all  that  infor¬ 
mation  is  no  small  task.  Without  a  compre¬ 
hensive  strategy,  it’s  difficult  for  companies 
to  manage  the  data  that’s  spread  across  an 
entire  enterprise. 

Regulatory  Compliance  Issues.  New 
regulations  and  corporate  governance 
mandates  for  the  storage  and  management 
of  information  mean  that  companies  must 


2 


Advertising  Supplement 


be  able  to  retrieve  data  quickly  and  on 
demand.  Faced  with  the  difficult  and  time- 
consuming  task  of  accessing  data  that  may 
well  be  spread  across  a  variety  of 
sources — or  that  may  have  been  deleted — 
it’s  small  wonder  that  companies  can  be 
frightened  into  taking  a  “save  it  all” 
approach. 

These  issues  are  prompting  CIOs  to  rec¬ 
ognize  that  the  real  opportunity  to  drive 
big  costs  out  of  IT  is  to  look  across  the 
entire  lifecycle  of  the  information  and  the 
infrastructures  that  support  it.  In  short, 
Information  Lifecycle  Management. 

As  detailed  in  earlier  parts  of  this 
series,  Information  Lifecycle  Manage¬ 
ment  is  not  a  product  but  rather  a 
method  of  harnessing  informational 
chaos.  “[It]  is  a  strategy,  and  one  that 
encompasses  people,  processes  and  tech¬ 
nology,”  says  Kenniston.  Done  right, 
ILM  is  proactive  and  dynamic,  and 


INFORMATION  LIFECYCLE 
MANAGEMENT  ENABLES 
OPERATIONAL  EFFICIENCY 


•  Improve  Classification 

•  Leverage  Existing  Assets 

•  Enable  Policy  Automation 

•  Tier  Storage 

•  Decrease  Compliance  Costs 

•  Stretch  IT  Resources 


helps  companies  plan  IT  growth  to  meet 
their  anticipated  business  needs. 
“[Information  Lifecycle  Management]  is 
the  ability  to  provide  companies  with 
access  to  information — the  right  infor¬ 
mation — and  the  most  up-to-date  and 
logical  version  across  the  enterprise,” 
says  Tanuja  Randery,  vice  president  for 
global  strategic  initiatives  at  EMC.  “If 
companies  want  to  access  and  use  infor¬ 
mation  to  their  business  advantage,  ILM 
enables  this  by  providing  a  unified 
approach  to  viewing  and  access  while 
ensuring  that  the  cost  and  performance 
of  the  infrastructure  is  optimized.” 


LINKING  INFORMATION  LIFECYCLE 
MANAGEMENT  AND  OPERATIONAL 
EFFICIENCY 

Implementing  Information  Lifecycle 
Management  can  help  companies  manage 
information  both  more  wisely  and  less 
expensively.  By  building  an  information 
management  strategy  based  on  this  disci¬ 
pline,  companies  can  build  cost  savings  into 
their  infrastructure  in  a  holistic  fashion. 
Information  Lifecycle  Management  Helps: 

•  Improve  Classification.  Many  compa¬ 
nies  don’t  even  know  what  they  have  for 
equipment.  Information  Lifecycle 
Management,  which  starts  with  a  thor¬ 
ough  inventory  of  physical  and  informa¬ 
tional  assets,  ensures  that  companies 
know  exactly  what  they  have,  which 
helps  them  make  better-informed  spend¬ 
ing  decisions.  By  conducting  a  data  clas¬ 
sification  and  prioritization  study,  com¬ 
panies  can  ensure  that  data  is  placed  on 
the  level  of  storage  most  appropriate  to 
its  business  value.  Many  times,  that 
means  calling  in  outside  experts. 
“Information  Lifecycle  Management 
consultants  are  part  of  the  storage  com¬ 
panies’  bench  teams,”  says  Pete  Gerr,  an 
analyst  at  Enterprise  Storage  Group. 
“They  have  the  services  and  tools  that 
will  help  an  organization  classify  and 
value  their  data,  taking  a  step  toward 
having  a  fully  realized  strategy.” 

•  Leverage  Existing  Assets.  Once  compa¬ 
nies  know  exactly  what’s  there,  they  can 
better  prioritize  information  assets  in 
accordance  with  information  manage¬ 
ment  policies.  “If  you  know  up  front 
what  you  have  and  how  much  data  is 
being  created,  you’ll  do  better  capacity 
planning,”  says  Kenniston. 

•  Enable  Policy  Automation.  The  ability 
to  simplify  and  automate  technical 
infrastructure  through  Inform¬ 
ation  Lifecycle  Management  means 
that  companies  can  lower  business 
costs  and  hire  fewer  people.  “You  get 
efficiencies  by  automating  the  things  that 
people  have  to  do  today,”  Hollis  explains. 
By  creating  and  then  automating  policies 


“Information 
is  growing  at 
a  ridiculous 
rate.  Where 
there  used  to 
be  one 
storage 
administrator 
for  one 
terabyte  of 
data,  now 
they  need 
one 

administrator 
to  manage 
six  terabytes, 
and  soon  it’ll 
be  one  for 
every  14 
terabytes. 
For  that  to 
happen, 
companies 
need  to 
make 

information 

management 

more 

efficient.” 

— Steve  Kenniston, 
Enterprise 
Storage  Group 


3 


EMC  INFORMATION  LIFECYCLE  MANAGEMENT  STRATEGIES: 


Advertising  Supplement 


OPERATIONAL 

EFFICIENCY 


IMPACT  OF  ILM  AND  TCO  SAVINGS  ACROSS  STAGES 


Three-Year  TCO  Estimate  for  Typical  Large  Enterprise*  (Indexed  to  100) 


100 

75 

50 

25 


100 

83-90 

ILM  Step  Baseline  Step  1 


64-66 


Step  2 


52-54 


Step  3 


Incremental  TCO  Reduction  10-17%  23-26%  17-20% 


Drivers  of  Reduction 
with  step  implementation 

* Enterprise  has  750  TB  of 
baseline  total  storage;  TCO 
calculation  includes  busi¬ 
ness  costs  (i.e.,  data  loss, 
compliance,  downtime,  and 
data  search  time) 


•  Networked  •  Application-specific  •  Automated 

storage  service  level  align-  management 

•  Storage  ment  (based  on  and  control 

automation  business  policies)  •  Service  levels 

•Storage  •  Improved  continuity  aligned  across 
consolidation  and  compliance  enterprise  data 

SOURCE:  EMC 


QUESTIONS  ABOUT 
INFORMATION 
LIFECYCLE 
MANAGEMENT? 

If  you’ve  got  any  burning 

questions  about 

Information  Lifecycle 

Management — and  how 

you  can  begin 

implementing  such  a 

strategy — send  them  to 

ilm_questions@emc.com. 

We’ll  answer  the  most 

frequently  asked 

questions  later  in 

this  series. 


to  drive  information  management,  com¬ 
panies  can  streamline  operations  and  cut 
costs.  “The  principal  savings  is  around 
the  dynamic  movement  of  data,”  says 
EMC’s  Lewis.  “The  value  of  data  changes 
over  time,  and  ILM  helps  flexibly  move 
data  to  the  appropriate  level  of  storage  as 
its  business  value  changes.” 

•  Tier  Storage.  Classifying  data  enables  IS 
executives  to  create  tiered  storage  that 
matches  the  business  value  of  the  data 
with  the  corresponding  price/perform¬ 
ance  layer  of  storage.  Lor  example,  mis¬ 
sion-critical  applications  might  reside  on 
high-performance  disks,  while  important 
but  less  critical  data  land  on  less  costly 
ATA  disks.  “Having  high-end,  mid-tier 
and  archive  storage  makes  a  lot  of  sense 
financially  and  from  a  recoverability 
standpoint,”  says  Kenniston.  “By  migrat¬ 
ing  the  lower  class  of  information  to  a 
second  tier  of  storage,  companies  save 
money  but  also  keep  it  available  and  pro¬ 
tect  it  more  easily.”  As  the  range  of 
options  in  tiered  storage  increases,  so  do 
the  effective  business  continuity  options 
for  the  corporate  world. 

•  Decrease  Compliance  Costs.  Information 
Lifecycle  Management  handles  data 
according  to  its  business  value  at  a  very 
granular  level,  so  CIOs  know  what  data 
should  be  kept  and  what  can  be  deleted, 


thus  saving  money.  It  also  makes  compli¬ 
ance  much  simpler,  so  companies  are  less 
likely  to  incur  compliance-related  expens¬ 
es  such  as  legal  fees  or  staffing  costs. 

•  Stretch  IT  Resources.  Automating  infor¬ 
mation  management  in  accordance  with 
data  policies  means  that  CIOs  will  be  able 
to  redeploy  existing  staffers  to  other  proj¬ 
ects,  making  their  resources  go  further  for 
the  same  money.  “If  companies  can  auto¬ 
mate  the  process  and  take  the  human 
aspect  out  of  it,  it  saves  them  money,” 
says  Kenniston.  “Once  CIOs  are  con¬ 
vinced  that  storage  can  be  automatically 
moved  to  the  right  asset  when  they  want 
to  move  it,  automation  is  the  next  step.” 

In  an  era  of  increasing  concern  over  the 
cost  of  technology,  CIOs  see  the  wisdom  of 
embracing  budget  reduction  strategies  that 
add  value  as  well  as  cut  costs.  One  impor¬ 
tant  step  is  to  implement  a  strategy  that 
works  across  the  entire  company  to  man¬ 
age  information  holistically. 

“By  implementing  Information  Lifecycle 
Management,  we  believe  that  CIOs  can 
expect  to  see  a  net  of  up  to  50  percent  actu¬ 
al  cost  savings  in  overall  storage  costs,” 
says  EMC’s  Lewis.  Companies  can  make 
sure  that  they  drive  all  possible  extra  costs 
out  of  managing  and  storing  information — 
and  at  the  same  time,  truly  give  business 
leaders  what  they  need  to  thrive. 

“If  you  recognize  that  information  is  a 
core  company  asset  similar  to  physical 
plant  and  human  resources,  then  you 
really  understand  the  value  of  an  inte¬ 
grated  storage  solution,”  says  Terdeman. 
“Because  what  you’re  really  storing  are 
critical  company  assets  in  a  managed  and 
efficient  way.” 

NEXT:  In  the  next  part  of  this  series, 
we'll  look  at  Information  Lifecycle 
Management  for  small  to  medium-sized 
enterprises  (SMEs). 

£  FOR  MORE  INFORMATION 

where  information  lives  Visit  WWW.emC.COm/ilm 

for  an  in-depth  look  at  Information  Lifecycle 

Management  products,  services  and  strategies. 


4 


f 


s 

I 


* 


>, p-: .' 


£ysps 


Meet  Joe  (not  his  real  name). 

Joe  forgot  how  much 
was  riding  on  his  decision. 

He  forgot  about  the 
CIO  Evaluation  Center 


Don't  make  Joe's 
mistake... 


WIfallf 


'iSSKS^k 

. .  /  •-*  ►  ■.  „  .<•* 


awT 


mm 


■m- 


<*■■■  r' 


ysMm 


MMm 


tFmmm 


IMlfl 


m 


i-Z'S, 


■if. 


iypi| 

umm 


>s-r-v 


wrr/.3 


Skvi# 


The  Resource  for 
Information  Executives 


Announcing  the  CIO  Evaluation  Center.  CIO  Magazine  and  Technology  Evaluation  Centers  Inc.  have 
joined  forces  to  make  available  to  CIO  Magazine  readers,  a  cutting  edge  online  tool  that  impartially 
compares  enterprise  software  products,  side-by-side  and  interactively. 


it  could  have  shown  Joe  which  product  best  matched  his  needs. 

Joe  was  last  seen  scrutinizing  the  CIO  Evaluation  Center  at:  http://www.theciostore.com 


ILLUSTRATION  BY  MICHELLE  CHANG 


Open  Source 


It  isn’t  all  about  cheap:  Companies  keep  finding  good  reasons  to 
take  advantage  of  open-source  software  by  malcolm  wheatley 


AT  FIRST  GLANCE,  THE  COMPANY  EMPLOYEASE  SEEMS  UNREMARKABLE.  BUT  LOOK  A  LITTLE  CLOSER. 


Reader  ROI 

Why  open  source  isn’t 
all  about  the  price 

What  companies  are 
using  open  source 
for  mission-critical 
applications 

What  questions  exist 
surrounding  the  legality 
of  using  open  source 


Employease,  which  provides  employee  benefits  administration  services  to  more 
than  1,000  organizations  across  America,  has  an  IT  architecture  chiefly  built 
around  open-source  software,  which  makes  it  a  rare  bird— not  that  it  was  planned 
that  way  when  the  company  was  founded  in  1996. 

“It’s  been  quite  a  surprise  to  me.  The  open-source  model  just  seems  intuitively 
wrong,”  says  John  Alberg,  the  company’s  cofounder,  CIO,  CTO  and  vice  president 
of  engineering.  But  the  facts  speak  for  themselves. 

The  company’s  25  production  application  servers  run  on  Red  Hat  Linux,  having 
been  switched  from  Windows  NT  in  July  2000.  Webpages  once  delivered  by 
Netscape  are  now  served  by  Apache,  supplemented  by  Tomcat,  an  open-source 
Java  servlet  engine.  Send  an  e-mail  to  Employease  and  it’s  processed  by  Sendmail, 
an  open-source  mail  server,  while  the  company’s  software  developers  use 
XEmacs,  an  open-source  development  tool. 

But  that’s  not  all.  Although  the  company’s  main  applications  use  Informix  for 
database  management,  Alberg  happily  confesses  that  he  can  see  a  time  when  the 
proprietary  software  will  be  displaced  by  MySQL,  an  open-source  relational  data¬ 
base  system  already  used  by  the  company  for  less  critical  applications.  Snort,  an 
open-source  intrusion  detection  tool,  is  also  under  active  consideration,  says  Alberg. 

Companies  such  as  Employease  herald  a  sea  change  in  corporate  attitudes 
toward  open-source  software.  Once  seen  as  flaky,  cheap  and  the  work  of  amateur 


\nw\n. cio.com  •  MARCH  1.  2004  CIO  83 


Open  Source 


developers,  open  source  has  emerged  blinking 
into  the  daylight.  With  unrestricted  access  to 
the  source  code  to  run  or  modify  at  will,  and 
support  coming  from  an  ad  hoc  collection  of 
software  developers  and  fellow  users,  the  open- 
source  model  is  very  different  from  proprietary 
software.  But  it  is  nevertheless  proving  attrac- 


buying  behavior  of  a  zealot.  He  wouldn’t,  for 
example,  go  open  source  if  it  were  more 
expensive  than  proprietary  code.  “  Solaris  is  a 
strong  commercial  operating  system.  We’d 
choose  it  over  open  source  if  we  found  it  to  be 
less  expensive,”  he  says.  “[While]  cost  is  a 
huge  driver  for  our  decision-making  process, 


Where  reliability  is  paramount,  Sabre  Hold¬ 
ings  uses  pricing — or  “data  of  record” — 
applications,  which  run  on  high-spec, 
fault-tolerant  Hewlett-Packard  NonStop  sys¬ 
tems.  But  shopping  applications — where  cus¬ 
tomers  and  travel  agents  hunt  for  the  best 
deals — run  on  a  server  farm  of  lower-cost 


Once  seen  as  flaky,  cheap  and  the  work  of  amateur  developers, 
open  source  has  emerged  blinking  into  the  daylight. 


tive  enough  for  a  host  of  CIOs  to  make  the 
switch.  So  who’s  using  open  source?  Why  are 
they  using  it?  And  are  the  benefits  worth  the 
risks?  The  answers  are  surprising — and  dispel 
some  of  the  myths  surrounding  open  source. 

THE  ATTRACTION 
IS  THE  PRICE  TAG 

One  of  open  source’s  most  touted 
\  benefits  is  its  price.  Download 
TJ  the  software,  install  it — and 
don’t  pay  a  penny.  That’s  the 
theory.  But  to  a  surprising  number  of  open- 
source  user  companies,  the  price  tag — or  lack 
of  one — is  irrelevant.  “It’s  not  about  being 
cheap,”  insists  Employease’s  Alberg.  “It’s 
about  doing  our  jobs  effectively — and  we’re 
willing  to  pay  quite  a  bit  for  that.  We  want  sta¬ 
ble  software  that  does  what  it  says  it  will  do.  ” 
What  Alberg  finds  fascinating  about  mov¬ 
ing  to  open  source  is  the  performance 
improvement  that  resulted.  The  move  to 
Linux,  for  example,  dramatically  cut  the  rate 
of  server  failure  experienced  by  the  company. 
Typically,  under  NT,  one  of  the  company’s 
servers  would  fail  each  working  day.  Now,  he 
says,  “we  get  at  most  two  failures  a  month — 
and  often  don’t  get  any  in  a  month.  ” 

Linux  also  runs  A1  berg’s  applications  faster 
than  NT,  a  fact  that  has  meant  that  despite 
more  than  doubling  its  business  since  2000,  the 
company  hasn’t  needed  to  buy  more  servers. 
“Linux  increased  our  capacity  by  between 
50  percent  and  75  percent,”  says  Alberg. 

Even  so,  Alberg  is  careful  to  make  clear  that 
his  commitment  to  open  source  isn’t  the  blind 


we  cannot  risk  choosing  an  inferior  solution  to 
save  money.  We  couldn’t  even  consider  open 
source  if  it  weren’t  at  par  with — or  in  some 
cases  better  than — commercial  alternatives.  ” 
Ask  many  users  of  open  source  and  a  simi¬ 
lar  story  emerges.  “Cost  savings  weren’t  really 
a  factor  in  our  decision  to  go  open  source,” 
says  John  Novak,  CIO  of  330-plus  hotel  chain 
La  Quinta,  which  is  moving  its  online  booking 
system — previously  on  BEA’s  WebLogic — to 
a  combination  of  Apache,  JBoss  and  Tomcat. 
“What  got  us  into  it  was  that  it  was  simply  the 
best  technology  open  to  us.” 

THE  SAVINGS  AREN’T  REAL 

Open-source  software  has  been 
described  as  “free,  as  in  a  free 
puppy.”  And  yes,  the  absence 
of  software  licensing  fees  needs 
to  be  offset  along  with  the  costs  of  training, 
support  and  maintenance.  On  the  other  hand, 
proponents  of  open  source  also  cite  reduced 
costs  of  “vendor  churn,”  where  vendors 
require  users  to  migrate  to  a  new  version  or 
pay  for  extra  support.  Most  users  we  spoke 
to  for  this  story  reported  a  net  savings  with 
open  source — often  a  substantial  one. 

At  Sabre  Holdings — the  company  behind 
Tra velocity,  the  Sabre  Travel  Network  and  the 
Sabre  travel  reservation  system — a  major 
migration  to  open  source  is  under  way, 
prompted  by  Sabre’s  prediction  that  the  move 
will  yield  savings  of  tens  of  millions  of  dollars 
during  the  next  five  years. 

The  company  runs  two  distinct  groups  of 
computers,  explains  CTO  Craig  Murphy. 


machines.  Each  shopping  computer  has  its 
own  open-source  MySQL  database,  explains 
Murphy,  synchronized  by  an  application  from 
GoldenGate  with  the  rules,  fares  and  avail¬ 
ability  information  held  on  the  fault-tolerant 
“data  of  record”  system.  The  shopping  sys¬ 
tems  were  on  HP-UX,  but  by  the  beginning  of 
this  month,  all  of  those  servers  will  have 
switched  over  to  an  open-source  operating 
system — Red  Hat  Enterprise  Linux  AS. 

The  big  attraction  of  open  source  is  that 
there’s  a  zero  marginal  cost  of  scale  because 
open  source  doesn’t  require  additional  licenses 
as  an  installation  grows,  he  says.  As  a  result, 
the  cost  per  transaction  plummets  as  you  add 
more  systems.  Exact  comparisons  are  tricky, 
says  Murphy,  “but  where  we  can  make  like- 
for-like  comparisons,  we’re  expecting  at  least 
an  80  percent  reduction  in  running  cost.” 

THERE’S  NO  SUPPORT 

According  to  Gary  Hein,  an  ana¬ 
lyst  with  technology  consul¬ 
tancy  Burton  Group,  technical 
support  is  a  potential  open-source 
user’s  primary  concern.  “Who  do  you  call 
when  things  go  wrong?  You  can’t  wring  a  ven¬ 
dor’s  neck  when  there’s  no  vendor,”  he  says. 

In  practice,  the  situation  is  complex.  As 
Hein  points  out,  most  open-source  projects 
have  a  large  corps  of  developers,  Internet  mail¬ 
ing  lists,  archives  and  support  databases — all 
available  at  no  cost.  That’s  the  good  news.  The 
not-so-good  news  is  that  there’s  no  single 
source  of  information.  “A  simple  question 
may  result  in  multiple,  conflicting  answers 


84  CIO  MARCH  1,  2004  •  www.cio.com 


•  DIGITAL 

iMAGER 


SSEiasa 


mmmm 


SCAA/  SPEEDS 


* 

* 


4o  o 
i 0.0 
Zo  O 
10  o 
o  o 


34% 


16-7 


<15% 

r-AiTJL*, 


<-0*?6TlTlON  JHARPAR-MSSo 


PRODUCT  l 

,  RELIABILITY 


fA*T6K  tqpvT 


!i 


Double  your  productivity  with  Scan2  technology. 


The  best  way  to  stay  ahead 
is  to  double  your  productivity. 
Introducing  Scan2  technology 
from  Sharp.  Sharp's  Digital  Imagers  with  Scan2 
technology  are  designed  to  scan  two-sided 
documents  in  a  single  pass. 

Now  all  of  your  training  manuals  and  white 
papers  can  be  scanned,  copied,  emailed  and 
digitally  distributed  quicker  than  ever  before. 


In  fact,  it's  1 1 5%  faster  than  any  other  product 
in  its  class.  Not  only  is  it  like  having  double  the 
help,  it  will  also  allow  you  to  accomplish  more 
in  dramatically  less  time.  Together  with  Sharp's 
integrated  network  management  software 
and  security  features,  your  digital  information 
is  safe  and  workflow  is  fully  optimized. 

Visit  sharpusa.com/scan2  or  call  1-800-BE- 
SHARP  for  more  information. 


The  AR-M550,  AR-M620  and  AR-M700: 

•  Operate  at  55, 62  and  70  pages-per-minute 

•  Fully  integrated  network  ready  digital 
copier/printers 

•  Include  network  management  software 
and  document  filing  capability 

.  be  sharp 


scan 


*  Results  of  Buyers  Laboratory  Inc.  Document  Feeding  Speed  tests  (originals  per  minute)  in  2:2  mode  for  Sharp  AR-M550  vs.  the  following  manufacturers'  competitive  models:  Canon  iR  5000  and  5020,  HP  9055  MFP,  Konica 
7155,  Kyocera  Mita  KM-5530,  Ricoh  Aficio  1055  and  551,  and  Toshiba  e-STUDIO  550.  ©2003  Sharp  Corporation 


Open  Source 


Open  Source 
Under  Attack 


SCO  GROUP’S  MAY  2003  LETTER  to  1,500  large-company  Linux  users  grabbed 
headlines.  The  letter  warned  the  users  that  SCO  might  seek  legal  action  against 
them  as  part  of  its  ongoing  fight  with  IBM  over  allegedly  stolen  Unix  code  that  may 
or  may  not  be  in  Linux.  And  SCO’s  more  recent  assertion  that  the  General  Public 
License  (GPL),  under  which  much  open  source  is  published,  may  violate  the  U.S. 
Constitution  has  caused  a  few  eyeballs  to  roll  and  roiled  some  tempers.  But  beyond 
that,  the  brouhaha's  impact  may  be  limited.  A  number  of  open-source  vendors 
have  already  moved  to  indemnify  customers. 

Lawyers,  too,  seem  unconcerned  about  the  risks  that  the  SCO  assaults  pose  to 
the  typical  CIO— especially  since  IBM,  a  major  open-source  vendor,  has  signaled  its 
intention  to  rebut  the  charge  vigorously,  “if  IBM’s  involved,  we’ve  got  some  assurance 
that  these  issues  are  going  to  get  resolved,"  says  Karen  Copenhaver,  a  partner  in 
the  patent  and  intellectual  property  practice  of  law  firm  Testa,  Hurwitz  &  Thibeault. 

Others  are  also  skeptical.  “It's  essentially  a  dispute  between  IBM  and  SCO,  and  it 
won’t  affect  the  majority  of  Linux  users,”  says  Jeff  Norman,  a  partner  in  the  intellec¬ 
tual  property  practice  of  law  firm  Kirkland  &  Ellis.  "Even  if  SCO  wins,  I  find  it  highly 
unlikely  that  SCO  has  a  claim  on  Linux  users.” 

As  for  the  Constitutional  claim?  “[SCO  CEO  Dari  McBride’s]  argument  that 
the  GPL  violates  the  U.S.  Constitution  is  just  plain  silly  and  has  generally  been 
dismissed  as  such,”  says  Copenhaver.  “It  is  certainly  one  of  the  more  bizarre 
allegations  that  he  has  made.”  -M.W. 


with  no  authoritative  source,”  he  says. 

Even  so,  says  Klaus  Weidner,  a  senior 
consultant  with  technology  consultancy 
Atsec,  multiple  sources  of  support  can  be  bet¬ 
ter  than  being  tied  to  one  vendor — especially 
when  that  vendor  provides  bad  support  or 
refuses  to  continue  supporting  software  of  a 
certain  vintage. 

In  practice,  existing  users  of  open-source 
software  appear  perfectly  happy  with  open- 
source  support  arrangements.  “The  breadth 
of  resources  available  for  open-source  appli¬ 
cations  is  so  great  worldwide  that  we  can  get 
support,  communicate  with  a  developer  or 
download  a  patch  no  matter  the  time  of  day,” 
says  Thomas  J inneman,  IT  director  of  Right- 
Now  Technologies,  an  ASP  that  hosts  cus¬ 
tomer  service  products  for  more  than  1,000 
companies  worldwide,  including  British  Air¬ 
ways,  Cisco  Systems  and  Nikon. 

The  company’s  hosting  environment  runs 
on  Linux,  Apache  and  Tomcat,  and  97  per¬ 
cent  of  its  customers  use  MySQL,  says  Jinne- 
man.  Indeed,  he  adds,  “we’ve  had  more 
trouble  getting  support  for  some  of  our  pur¬ 
chased  commercial  applications  than  we’ve 
had  with  open-source  applications.” 

Some  open-source  applications  also  have 
support  offered  by  the  original  developers. 
JBoss,  for  example,  is  backed  by  JBoss  Group, 
which  includes  the  10  core  developers  who 
wrote  the  application.  Depending  on  the  con¬ 
tract,  explains  JBoss  Group  President  Marc 
Lleury,  users  can  obtain  24/7  professional 
support  with  as  little  as  a  two-hour  response 
time.  The  group  also  offers  training. 

A  similar  model  also  underpins  Sourcefire, 
whose  founders  created  Snort,  the  popular 
open-source  intrusion  detection  tool.  Down¬ 
loaded  off  the  Internet,  Snort  is  command- 
line-driven,  explains  Sourcefire  CTO  Martin 
Roesch.  Enterprise  users  can  set  it  up  them¬ 
selves — but  more  and  more  are  contracting 
Sourcefire  to  do  it  instead  so  that  the  company 
can  handle  security  management  details. 

“What  I  like  is  that  you  get  all  the  advan¬ 
tages  of  open  source  in  terms  of  people  work¬ 
ing  on  it,  as  well  as  the  advantages  of  a 
commercial  enterprise  behind  it  in  terms  of 
longevity  and  liability,”  says  Kirk  Drake,  vice 


president  of  technology  for  the  National 
Institutes  of  Health  Lederal  Credit  Union. 

IT’S  A  LEGAL  MINEFIELD 

A  variety  of  open-source  licenses 
exist,  and  helping  CIOs  under¬ 
stand  their  implications  is  good 
business  for  lawyers — very  good 
business.  “[CIOs’]  concerns  chiefly  revolve 
around  the  implications  of  using  code  to 
which  they  can’t  verify  their  right  to  use,”  says 
Jeff  Norman,  a  partner  in  the  intellectual 
property  practice  of  law  firm  Kirkland  & 
Ellis.  “Just  because  you’ve  got  a  piece  of  paper 
saying  that  you  own  the  Brooklyn  Bridge,  it 
doesn’t  mean  that  you  actually  own  it.” 

For  some  users,  third-party  indemnification 
is  an  option.  On  Nov.  17, 2003,  for  example, 
JBoss  Group  announced  it  will  indemnify  and 
defend  JBoss  customers  from  legal  action  alleg¬ 
ing  JBoss  copyright  or  patent  infringement. 
Other  vendors  of  open-source  software — 
including  HP,  Red  Hat  and  Novell — also  offer 


indemnifications  of  varying  types. 

And  while  conceding  that  the  situation  isn’t 
perfect,  Sabre’s  Murphy  says  that  he’s  heard 
all  the  legal  arguments  he  needs.  “It’s  a  con¬ 
cern,  sure,  but  we’ve  basically  got  to  do  this. 
There  may  be  friction  and  challenges — but  I 
don’t  see  any  showstoppers.”  (See  “Open 
Source  Under  Attack,”  this  page.) 

OPEN  SOURCE  ISN’T 
FOR  MISSION-CRITICAL 
APPLICATIONS 

Mission-critical  apps  don’t  come 
any  more  crucial  than  those  in 
banking,  where  transaction  sys¬ 
tems  simply  have  to  work,  period. 
Experimenting  with  open  source,  with  its  atten¬ 
dant  risks  in  terms  of  potential  infringement, 
security  and  maintenance,  might  be  regarded 
as  anathema.  “Banks  tend  to  be  conservative 
institutions — first  followers,  if  you  like,  rather 
than  leaders,”  says  Clive  Whincup,  CIO  of  Ital¬ 
ian  bank  Banca  Popolare  di  Milano,  who  freely 


86  CIO  MARCH  1,  2004  •  www.cio.com 


escapes  clutches  of  desk 

i<At  last  rm  free,  thanks  to 


’A t  .  . 

Noki.  Mobile  Connectivity 

solutions. ..and  it  feels 

exclaims  Mary  Langer, 
office  manager. 


nUh0Ught  I  was  imprisoned  at  my  ^  for, 

— 

Now  1  can  visit  mote  *»PP  ( ^  t 

and  work  whenever  and  h^^nthused£ 

happy  «  ®  ^^VoAers  everywh 
from  CEOs  ^  ^  ^  thought  oi 

Secure,  breakthrough  in  the 

Reliable,  working  Uves.  “Mob, 

i  Connectivity  lr°m 

Freedom  and 

FleXlbdlty  Qf  my  wajting  time  a 

*  ■  -  j  rFO  Don  Baker,  “which 

airport,”  said  CEO,  Don 

rp  family  time  when  1  g 


Introducing  a  new  era  of  secure,  corporate  business  freedom 
and  flexibility  —  Nokia  Mobile  Connectivity  solutions. 


Employees  throughout  an  enterprise  want  to  be 
more  mobile  and  productive  —  and  this  can  be 
realized  thanks  to  Nokia  Mobile  Connectivity 
solutions.  CIOs  and  IT  managers  can  provide  the 
mobility  and  security  of  anytime,  anywhere 
access  to  users  —  while  empowering  everyone 
from  the  CEO  to  field  salesforce  teams  with  the 
information  needed  to  do  their  work  where  and 
when  they  choose.  Nokia  Mobile  Connectivity 
solutions  include  a  range  of  IPSec-  and  SSL- 
based  client  and  gateway  products  that  provide 


secure,  appropriate  access  to  corporate  email 
and  applications.  Enterprises  will  discover  new 
levels  of  efficiency  from  their  workforce,  while 
giving  them  greater  freedom  to  manage  their 
business  and  personal  lives.  All  solutions  are 
easy  to  deploy  and  manage,  are  based  on 
award-winning  technology  and  are  backed  by 
Global  Support  and  Services. 

So  if  you  want  greater  working  freedom 
that’s  IT  approved,  go  ahead  and  escape. 
Visitwww.nokia.com/mobileaccess/americas 


NOKIA 

Connecting  People 


SE 


Open  Source 


admits  that  the  bank’s  venture  into  open  source 
was  the  result  of  “some  fairly  lateral  thinking.  ” 
But  walk  into  Banca  Popolare’s  smart  new 
branch  on  the  Via  Savona  in  Milan’s  Zona 
Solari  district,  and  the  service  these  days  is 
much  faster  than  customers  have  previously 
experienced.  The  reason?  Unwilling  to  throw 
out  the  bank’s  legacy  banking  applications, 
totaling  some  90  million  lines  of  Cobol,  but 
unable  to  keep  them  running  under  IBM’s  vin¬ 
tage  OS/2  Presentation  Manager  operating 
system,  Whincup  has  used  a  proprietary 
legacy  integration  tool  from  Jacada  to  con- 


propriety  logistics  management  system,  Chess 
Logistics,  brought  out  a  new  version  that  ran 
on  Linux — a  version  that  promised  to  improve 
performance  by  a  factor  of  between  1 0  and  1 5 
times.  Helps  happily  signed  up,  and  he  hasn’t 
regretted  the  decision. 

But  his  experience  of  running  Red  Hat 
Linux  in  a  true  production  environment,  with 
users  logging  on  to  the  main  Linux  server  from 
what  he  describes  as  “thin  clients  with  a  cut 
down  Linux  operating  system,”  prompted 
him  to  reevaluate  the  company’s  desktop  pol¬ 
icy.  In  the  end,  the  company  opted  to  replace 


employee  organization  that  serves  more  than 
40  countries. 

THE  BOTTOM  LINE 

Is  open  source  right  for  every  organization? 
In  the  end,  argues  Andy  Mulholland,  chief 
technology  officer  for  Cap  Gemini  Ernst  & 
Young,  it’s  a  question  of  attitude.  “The  argu¬ 
ments  for  and  against  open-source  software 
often  get  very  trivialized,”  he  says.  “It’s  not  a 
technology  issue;  it’s  a  business  issue  to  do 
with  externalization.” 

Companies  with  an  external  focus,  he  says, 


“The  arguments  for  and  against  open-source  software  get  trivialized. 

It’s  not  a  technology  issue;  it’s  a  business  issue  ■  -CTO  Andy  Mulholland,  Cap  Gemini  Ernst  &  Young 


nect  the  Cobol  to  IBM’s  WebSphere — running 
in  a  Linux  partition  on  the  bank’s  mainframe. 

The  result:  Formerly  disjointed  applica¬ 
tions  now  run  slickly  in  a  Web  browser,  yield¬ 
ing  faster  transaction  times,  less  time  spent 
training  tellers — and  many  more  opportuni¬ 
ties  for  cross-selling  the  bank’s  services. 

Billed  by  insiders  as  one  of  Europe’s  largest 
Linux  projects,  the  Zona  Solari  branch  is 
piloting  the  new  system,  says  Whincup.  Once 
testing  is  complete,  full  rollout  will  begin  in 
May.  One  decision  to  be  made  before  then: 
whether  to  leave  the  branch  desktops  running 
Windows  XP,  as  in  the  Zona  Solari  pilot,  or 
move  them  to  Linux  as  well.  “Both  of  the  next 
two  branches  to  pilot  the  system  will  be  using 
Linux  [on  the  desktop],”  Whincup  says. 

OPEN  SOURCE  ISN’T 
READY  FOR  THE  DESKTOP 

At  Baylis  Distribution,  a  transport 
and  distribution  company,  IT 
Director  Chris  Helps  came 
across  the  MySQL  database  four 
years  ago  when  the  company  was  looking  to 
create  a  data  warehouse.  Around  the  same 
time,  the  company  began  experimenting  with 
Linux,  he  says,  for  small-scale,  noncritical 
applications.  The  move  to  mission  criticality 
came  last  year  after  the  vendor  of  the  company’s 


Microsoft  on  desktops  with  Linux  and  open- 
source  personal  productivity  tools  for  activi¬ 
ties  such  as  word-processing  and  spreadsheets. 

“We’ve  not  done  a  formal  evaluation  of  the 
savings,  but  a  broad-brush  calculation  is  that 
it  costs  $1,820  per  seat  to  install  a  PC  with  all 
the  Microsoft  tools  a  user  needs.  With  Linux, 
and  open-source  tools,  it’s  only  around  half 
that,”  Helps  says.  What’s  more,  usability 
improved.  “People  can  log  in  from  any  PC  in 
the  group  and  have  all  the  same  services  and 
facilities  available  to  them  as  if  they  were  sit¬ 
ting  at  their  own  desks.”  Better  still,  IT  sup¬ 
port  is  simplified.  “We  haven’t  got  the 
complications  of  users  establishing  a  unique 
personalized  environment  on  their  desktops: 
We’ve  got  better  control,  better  upgradability 
and  better  traceability.” 

Nor  is  Helps  alone.  Other  IT  shops — as 
big  and  diverse  as  Siemens  Business  Services 
and  the  Chinese  government — are  also  con¬ 
vinced  that  Linux  is  ready  for  the  desktop. 
Siemens,  for  example,  says  it  has  performed 
extensive  testing  with  “real-world,  nontech¬ 
nical  workers,”  finally  declaring  that  Linux 
has  now  matured  as  a  desktop  system.  The 
tests  confounded  the  company’s  expecta¬ 
tions.  “We  [at  first]  didn’t  see  Linux  on  the 
desktop  as  a  major  market,  but  we  were 
wrong,”  says  a  spokesman  for  the  35,000- 


which  are  used  to  working  collaboratively 
with  other  organizations,  and  perhaps  are 
already  using  collaborative  technologies, 
stand  to  gain  much  more  from  open  source 
than  companies  with  an  internal  focus,  which 
see  the  technology  in  terms  of  cost  savings. 

“The  lesson  of  the  Web  is  that  standardi¬ 
zation  is  better  than  differentiation,”  Mul¬ 
holland  claims.  “Is  there  a  virtue  in  doing 
things  differently?  Is  there  a  virtue  in  doing 
things  the  same  way  as  everybody  else?”  As 
the  past  decade  has  shown,  standardization 
with  a  proprietary  flavor — think  Microsoft — 
has  its  drawbacks:  bloatware,  security  loop¬ 
holes,  eye-popping  license  fees  and  an 
unsettling  reliance  upon  a  single  vendor. 
In  offices  around  the  globe,  an  era  of  open- 
source  standardization,  determined  to  con¬ 
demn  such  drawbacks  to  history,  may  be 
dawning.  HE! 


Malcolm  Wheatley  is  a  U.K. -based  freelance  writer. 
E-mail  feedback  to  letters@cio.com. 


Learn  More  About  Open  Source 


Check  out  CIO. corn's  EXECUTIVE  SUMMARY 
ON  OPEN  SOURCE.  There  you'll  find  useful 
information  and  links  to  other  resources  to 
help  you  make  your  open-source  decisions. 

Go  to  www.cio.com/printlinks. 

cio.com 


88  CIO  MARCH  1,  2004  •  www.cio.com 


The  Wicked  Witch  of  "The  Niovjh  7 


Location  matters.  I _ 

Without  it,  you  don't  have  the  whole  story. 

Is  a  web  visitor's  presence  good  for  your  business?  Or  are  they  out  for  you  and  your  little 
dog,  too?  You  can  ask  for  location  verification,  but  you  need  to  know  the  truth. 

Quova's  geolocation  technology  determines  the  real-world  location  of  a  website 
visitor  -  all  the  way  down  to  their  city.  And  that  can  help  you  avoid  doing  business 
with  the  wrong  people. 

Using  its  unique  closed-loop  methodology,  Quova  lets  you  authenticate  users,  manage 
access  and  configure  intrusion  detection  to  block  traffic  from  certain  hazardous  IP  domains. 
Quova  even  offers  network  connection  and  performance  data  with  pinpoint  accuracy. 

With  Quova's  fully  integrated  enterprise  solutions,  companies  have  unparalleled 
confidence  in  their  network  security  strategies. 


Get  the  whole  story.  Call  Quova  today: 

1-877-737-8682 


UOVA 

MAKING  LOCATION  MATTER 


www.quova.com 


j^ElrizEN CLT1ZEN  CITIZEN 

Z^Wfi^EN  ENCITIZ^T«ZEN 

W«*E xfzEff™"  cm  T 

iiiqtifftEN  c.t.z^w'zen 

Citizen  citizcntizen  cmzENC' 

IT  IZfEVTI  ZEN  CITIZEN  CITIZEN  < 
CITIZEN  CITIZEN  CITIZENc|T|ZEr 
T,ZE^mZEN  CITIZEN  c| 

CITIZEN  CITIZEN  CITIZEN 

CITIZEN  /  C 

CITIZEN  CITIZEN 

CITIZEN  _ CITIZEN 


CITIZEN 


Two-hundred-ninety  million  people  are  counting  on  you. 

How  are  government  agencies  becoming  more  citizen-centric?  By  using  information  technology.  To  continually 
improve  the  quality  of  government  services,  while  reducing  their  cost  and  safeguarding  privacy.  E-government. 
Turning  data  into  knowledge,  and  knowledge  into  action. 


LOCKHEED  MARTIN 

We  never  forget  who  we’re  working  for™ 


www.lockheedmartin.com 


PHOTO  BY  SHAWN  J.  O'MALLEY 


HIRING 


FIRING 


INSPIRING 


Hot 

Seat 


Inside 

MANAGEMENT 
REPORTS  I  94 

Corporate  Culture 
Carries  On: 

Why  organizations 
resist  change 

LEADERSHIP  AGENDA  I  96 

By  Susan  H.  Cramm 

Oh,  the  Perils  of  the  OCIO: 
The  right  way  to  deploy  an 
Office  of  the  CIO  structure 

Reader  Q&A 


How  comfortable  do  you 
find  the  hot  seat?  E-mail 
Leadership  and  Management 
Editor  Edward  Prewitt  at 
hotseat@cio.com. 


Chief  Beggar,  Fortune-Teller 
and  Juggler 

How  to  balance  all  your  roles  without  dropping  the  ball 

BY  MICHAEL  FITZGERALD 


Wanted:  CIO.  Must  be  a  strategist,  tech¬ 
nologist,  operations  expert,  supply  chain 
manager  and  department  chief. 

Does  this  sound  like  an  imprecise,  all- 
encompassing  job  description?  In  fact,  it 
reflects  what  many  IT  leaders  are  find¬ 
ing  about  their  jobs:  It’s  hard  to  put  them 
in  a  box. 

That’s  as  opposed  to  the  classic, 
Gartner-approved  definition  of  what  a 
CIO  does:  Lead  supply  and  demand  for 
the  IT  function.  “The  CIO  maps  to  strat¬ 
egy,  anticipates  requirements  and  needs 
in  terms  of  technology,  and  then  needs 
to  be  able  to  supply  it,”  says  Ellen  Kitzis, 
group  vice  president  for  the  Americas 
division  of  Gartner  Executive  Programs. 

Well,  maybe  that  was  true  for  your 
father’s  CIO,  but  it  isn’t  anymore.  Indeed, 
one  can  almost  hear  Kitzis  smile  as  she 
recounts  the  job  description;  she  knows 
that  today’s  IT  executives  face  many  more 
tasks  in  organizations,  as  companies 
become  more  information-centric. 

Catherine  Brune,  senior  vice  presi¬ 
dent  and  CTO  at  Allstate  Insurance,  says 
her  list  of  jobs  includes  the  expected 
range — project  manager,  business  funder, 
vendor  manager  and  security  specialist — 
and  some  extraordinary  things  as  well, 
such  as  innovation  incubator,  referee, 
psychologist  and  fortune-teller.  “And 
when  my  crystal  ball  isn’t  as  good  as  it 
needs  to  be,  I  need  to  be  a  good  Houdini,” 
she  jokes. 

Kitzis  says  that  “in  many  ways,  CIOs 
today  are  being  asked  to  wear  many 
CXO  types  of  hats.”  Because  IT  crosses 
most,  if  not  all,  levels  of  the  corporation, 
CIOs  “can  be  the  glue  or  the  enabler  that 
brings  the  whole  organization  together,” 


she  says.  It’s  difficult  to  be  everything  to 
everyone,  but  that’s  the  reality  of  the  cur¬ 
rent  CIO  job.  Here’s  how  to  make  all  the 
hats  fit. 

The  All-in-One  Executive 

At  the  highest  level,  CIOs  must  have  the 
vision  thing  down;  they  need  to  be  able 
to  see  where  technology  is  going  and 


mi 


Allstate  Insurance  CTO  Catherine  Brune 
blocks  out  time  almost  every  day  for  the 
conversations  with  other  executives  that 
are  necessary  to  managing  all  her  roles. 

what  will  matter  to  their  companies,  and 
then  have  an  ability  to  lead  the  organi¬ 
zation  in  that  direction.  That  kind  of 
leadership  skill  resembles  what  a  CEO 
does  for  the  overall  company.  CIOs  must 
also  manage  costs  and  deliver  returns  on 
investments  like  a  CFO,  particularly  in 
today’s  cost-conscious,  results-oriented 
business  environment.  There  is  increas- 


www.cio.com  •  MARCH  1,  2004  CIO  91 


ing  and  steady  pres¬ 
sure  on  CIOs  to  opti¬ 
mize  performance  and 
manage  operations 
internally,  much  as  a 
COO  does  for  a  com¬ 
pany  as  a  whole.  Finally,  CIOs  also  have 
to  serve  a  variety  of  other  business  units, 
which  Kitzis  says  makes  their  job  more 
complex  than  just  running  a  department. 

Indeed,  CIOs  have  so  many  duties  and 
get  involved  in  so  many  facets  of  corpo¬ 
rate  life  that  it’s  easy  to  argue  they  wear 
more  hats  than  anyone  else. 

That’s  a  classic  setup  for  having  respon¬ 
sibility  but  no  authority.  For  instance, 
security  and  privacy  issues,  as  well  as  dis¬ 
aster  recovery,  require  a  companywide 
effort.  To  guide  security  efforts,  Brune  in 
effect  becomes  first  a  consultant  for  the 
rest  of  Allstate,  recommending  business 
practices  and  policies  to  ensure  that  all 
information  remains  secure  and  private, 
and  then  a  negotiator,  wrangling  with 
business  unit  heads  on  how  they  should 
implement  such  policies. 

She  also  finds  herself  working  on  tasks 
that  are  more  directly  related  to  other 
departments  than  IT,  such  as  making  sure 
that  Allstate  information  is  tracked  in  a 
way  that  shields  the  company  from 
legal  liability.  That  task  may  sound  like 
it  belongs  in  the  legal  department,  but 
Brune  is  responsible  for  the  technology 
that  makes  it  work.  That’s  one  reason 
why  the  company’s  chief  privacy  officer 
reports  within  her  organization,  though 
technology  isn’t  a  major  component  of 
that  person’s  job. 

Brune’s  negotiation  skills  come  in 
handy,  she  says,  when  she  wants  to  see 
something  implemented  but  doesn’t  quite 
have  the  budget  for  it.  If  she  can  build  an 
effective  case  for  how  a  technology  will 
help  a  business  unit,  the  unit  head  might 
kick  in  money  from  his  budget  to  make 
the  project  happen. 

“Begging  is  the  best  skill  you  can 
have,”  she  says.  She  also  thinks  that  both 


her  28-year  career  at  Allstate  and  her 
operational  experience  outside  of  IT  (in 
sales  and  marketing)  help  her  understand 
the  needs  of  the  business  units,  which 
limits  the  potential  tensions  of  a  cross¬ 
enterprise  role  like  hers.  Not  only  that, 
but  she  also  manages  her  own  P&L 
group,  Allstate’s  printing  unit. 

Brune  has  been  in  her  role  as  CTO 
for  just  over  a  year.  She  has  spent  much 
of  that  time  thinking  about  how  IT 
should  function  at  Allstate,  which  is 
rethinking  its  entire  organizational 
structure.  Most  of  the  company’s  units 
have  remained  standalone,  but  IT  and 


marketing  were  established  as  enter¬ 
prisewide  organizations,  with  the  belief 
that  that  will  help  the  company’s  long¬ 
term  growth. 

Even  so,  Brune  places  relationship¬ 
building  above  organizational  structure. 
She  blocks  out  time  on  her  calendar 
almost  every  day  for  the  conversations 
necessary  for  getting  the  IT  exec  job  done. 
She  gets  in  at  7  most  mornings  to  make 
sure  she  has  time  for  talking  to  people. 

The  VC  Inside 

On  top  of  their  corporate  roles,  many 
CIOs  now  are  expected  to  behave  in 
almost  entrepreneurial  fashion.  That’s 
the  case  for  Ralph  Terkowitz,  CTO  at 


The  Washington  Post  Co.  In  addition  to 
his  responsibilities  as  operations  man¬ 
ager,  administrator,  strategist,  gatekeeper 
and  coach,  he  serves  as  corporate  explorer 
and  investor.  In  the  explorer  role, 
Terkowitz  sits  on  the  board  of  TRUSTe 
so  that  the  Post  can  stay  on  the  cutting 
edge  of  online  privacy  issues.  Terkowitz 
vets  the  Post’s  venture  capital  invest¬ 
ments,  such  as  the  stake  it  took  in 
Tribe.net,  a  promising  social  network¬ 
ing  startup. 

Fie  also  wears  a  CEO’s  hat,  having 
been  the  CEO  of  Digital  Ink,  a  Post  Co. 
subsidiary  in  online  publishing,  and  the 


co-CEO  of  another  subsidiary,  BrassRing, 
a  recruitment  software  and  services  com¬ 
pany.  All  the  while,  he  performed  the  role 
of  corporate  CIO  for  the  Post  Co. 

Terkowitz  has  been  able  to  do  all  this 
because  as  CIO  for  The  Washington  Post 
Co.,  he  has  a  corporate  job  that  is  differ¬ 
ent  from  serving  as  CIO  of  The  Wash¬ 
ington  Post  newspaper.  Washington  Post 
Co.  also  publishes  Newsweek  and  owns 
several  dozen  smaller  newspapers,  six  TV 
stations  and  a  regional  cable  system.  It 
also  owns  Kaplan,  the  learning  and  test 
preparation  company.  So  Terkowitz  has 
to  plot  a  path  for  all  of  these  units  but 
does  not  have  to  run  any  of  them  day- 
to-day.  Like  all  the  company’s  divisions, 


Hot 

Seat 


MANAGEMENT  ESSENTIALS 

Trust  Is  the  Best  Motivator 

Some  important  things  never  make  it  into  job  descriptions.  Trust,  for  instance. 

Both  Allstate  Insurance  Senior  Vice  President  and  CTO  Catherine  Brune  and 
Washington  Post  Co.  CTO  Ralph  Terkowitz  say  that  when  working  with  good 
staffers,  trusting  them  to  get  their  jobs  done  makes  them  far  more  able  to  handle 
the  number  of  different  hats  each  has  to  wear. 

Another  important  form  of  trust:  Trust  your  CIO  peers.  Brune  joined  IT  executive 
groups  both  in  and  out  of  the  insurance  industry  when  she  became  Allstate’s  CTO. 
She  signed  up  to  hear  about  what  CIOs  in  other  industries  are  experiencing.  She 
says  that  having  to  present  in  front  of  the  industry  groups  has  helped  her  do  her  job 
better  at  Allstate.  -M.F. 


92  CIO  MARCH  1,  2004  •  www.cio.com 


Small  MediumBusiness 


Introducing  Dell's  All-Gigabit  Layer  3  Switches. 

Rely  on  your  network  more 
Think  about  it  less. 


D44.I. 


POWERCONNECT™  2124* *  SWITCH  ■  POWERCONNECT™  3348*  SWITCH 


The  NEW  Dell  PowerConnect  6024  and  6024F  Layer  3 


Scalable,  Affordable  Unmanaged  Switch 

•  24  Fast  Ethernet  Ports  Plus  1  Copper  Gigabit  Port 

•  1  Gigabit  Port  for  High  Speed  Connectivity  to  a  Server 

•  1-Yr  Next  Business  Day  Advanced  Exchange  Service52  Standard 


E-VALUE  Code:  21440- S10202 


Recommended  Upgrade: 

•  3-Yr  Next  Business  Day  Advanced  Exchange  Service,52  add  $49 


Stackable,  Enterprise  Class  Managed  Switch 

•  48  Fast  Ethernet  Ports  Plus  2  Built-In  Gigabit  Uplinks 

•  Multi-Layer  Traffic  Classification  at  Layers  2,  3  and  4 

•  Advanced  Management  via  Browser  or  Industry-Standard  CLI 

•  3-Yr  Next  Business  Day  Advanced  Exchange  Service52  Standard 

as  low  as  $24/mo„  (46  pmts.30) 

E-VALUE  Code.  21440- S10208 

Recommended  Upgrade: 

•  3-Yr  Same  Day  4-Hour  24x7  Advanced  Exchange  Service,52 
add  $199 


switches  will  take  your  network  connectivity 
to  new  heights.  They  are  the  latest  entries  in  Dell's 
line  of  reliable,  high-performance  network  switches  at 
prices  that  are  up  to  50%  less  than  the  competition.  They 
offer  advanced  Layer  3  routing  functionality  and  built-in 
redundancy  features.  PowerConnect  switches  are  highly 


POWERCONNECT™  5224*  SWITCH 


High-Performance,  All-Gigabit  Managed  Switch 

•  24  Copper  Gigabit  Ports  Plus  4  SFP  Fiber  Uplinks 

•  Layer-3  Aware  Class  of  Service  Prioritization 

•  Advanced  Management  via  Browser  or  Industry-Standard  CLI 

•  3-Yr  Next  Business  Day  Advanced  Exchange  Service52  Standard 

as  low  as  $51/mo„  (46  pmts?") 

|  E-VALUE  Code:  21440- S10218 

Recommended  Upgrade: 

•  3-Yr  Same  Day  4-Hour  24x7  Advanced  Exchange  Service?2 
add  $299 


NEW  POWERCONNECT™  6024*  SWITCH 


Scalable,  Advanced  Layer  3  Gigabit  Switch 

•  24  Copper  Gigabit  Ports  with  8  SFP  Combo  Slots  for  Fiber 

•  Layer-3  Routing:  RIP,  OSPF,  DVMRP  and  Static  Routes 

•  Dual,  Internal  Hot-Swappable  Power  Supplies  and  Fans 

•  3-Yr  Next  Business  Day  Advanced  Exchange  Service52  Standard 

VI  as  low  as  $94/mo.,  (46  pmts.30) 

E-VALUE  Code:  21440- S10234 

Recommended  Upgrade: 

•  Gold  Enterprise  Support  Services,  add  $1538 


interoperable,  scalable  and  perfect  for  building  a  first-time 
network  or  expanding  an  existing  one.  So  bring  Dell's  cost¬ 
saving,  outstanding  performance  to  your  LAN  and  get 
network  connectivity  you  can  count  on. 

Dell  PowerConnect  3348  Outperforms 
the  Cisco  Catalyst  2950  by  48%  and 
3COM  SuperStack  3  Switch  4400  by 
30%  in  Layer  2  Throughput  Tests!' 

Tolly  Group  Report  #203116 
-  September  2003 


TOLLY 


CERTI  FI  ED 


Reliable 


network  solutions.  Easy  as 


D^LL 


Click  www.dell.com/switch  Call  1-877-365-5415 

toll  free 


Call:  M-F  7a-9p|Sat  8a-5p  CT  Pricing,  specifications,  availability,  and  terms  of  offer  may  change  without  notice.  Taxes  and  shipping  charges  extra,  and  vary,  and  not  subject  to  discounts.  U  S.  new  purchases  only.  Dell  cannot  be 
responsible  for  errors  in  typography  or  photography.  ‘This  device  has  not  been  approved  by  the  Federal  Communications  Commission  for  use  in  a  residential  environment.  This  device  is  not,  and  may  not  be,  offered  for  sale  or 
lease,  or  sold  or  leased  for  use  in  a  residential  environment  until  the  approval  of  the  FCC  has  been  obtained.  “Monthly  payment  based  on  pre-rebate  price  for  48-month  60  Days  Same-As-Cash-QuickLoan  with  46  payments  at 
9.99%  interest  rate.  Your  interest  rate  and  monthly  payment  may  be  same  or  higher,  depending  on  your  creditworthiness.  If  you  do  not  pay  the  balance  within  60  days  of  the  QuickLoan  Commencement  Date  (which  is  five  days 
after  product  ships),  interest  will  accrue  during  those  first  60  days  and  a  documentation  fee  may  apply.  OFFER  VARIES  BY  CREDITWORtHINESS  OF  CUSTOMER  AS  DETERMINED  BY  LENDER.  Minimum  transaction  size  of  $500 
required.  Maximum  aggregate  financed  amount  for  paperless  acceptance  not  to  exceed  $25,000.  If  your  order  exceeds  $25K,  a  Dell  Financial  Services  rep  will  contact  you  to  process  your  documentation.  Taxes,  fees  and  shipping 
charges  are  extra  and  may  vary.  Not  valid  on  past  orders  or  financing.  QuickLoan  arranged  by  CIT  Bank  to  Small  Business  customers  with  approved  credit.  'Technician,  replacement  part  or  unit  (depending  on  service  contract)  will 
be  dispatched  if  necessary  following  phone-based  troubleshooting  in  advance  of  receipt  of  returned  defective  unit.  Service  may  be  provided  by  third-party  provider.  Subject  to  parts  availability,  geographical  restrictions  and  terms 
of  service  contract.  Service  timing  dependent  upon  time  of  day  call  placed  to  Dell.  Defective  unit  must  be  returned.  Replacements  may  be  refurbished.  U  S.  only.  'Tolly  Group  Report  #203116  was  commissioned  by  Dell.  Dell,  the 
stylized  E  logo.  E-VALUE,  and  PowerConnect  are  trademarks  of  Dell  Inc.  ©2004  Dell  Inc.  All  rights  reserved. 


GO 

Online  For 
Latest  Prices 
and  Weekly 
Promotions  y 


Hot 
Seat 


The  Post  newspaper 
has  its  own  IT  staff 
and  CIO,  who  reports 
to  the  president  of  the 
newspaper,  with  a  dot¬ 
ted  line  to  Terkowitz. 

“Not  having  that  large  day-to-day 
responsibility  gives  me  the  opportunity 
to  touch  all  our  businesses  and  related 
business,  to  look  at  the  impact  of  tech¬ 
nology  and  bring  it  back  inside,”  he 
says.  In  fact,  his  role  often  centers  on 
determining  best  practices  and  collabo¬ 
rating  across  business  units  on  technol¬ 
ogy  choices. 

Terkowitz  retains  responsibility  for 
certain  areas  of  technology  across  the 
company’s  operating  units.  He  is  respon¬ 
sible  for  relationships  with  auditors  and 
for  making  sure  that  the  IT  departments 
are  in  compliance  with  regulations,  like 
Sarbanes-Oxley.  He  also  runs  the  com¬ 
pany’s  shared  services,  such  as  its  single¬ 
sign-on  security  initiative  and  human 
resources  IS. 

“We  looked  at  what  mattered  to  indi¬ 
vidual  units  and  what  was  a  necessary 
evil.  The  necessary  evil  is  all  shifting  to 
me,”  he  quips.  In  large  part,  that’s  being 
done  to  save  the  company  money — it  gets 
better  volume  pricing  when  all  its  units 
are  considered  for  something  like  e-mail. 

Still,  it  might  sound  like  Terkowitz  has 
to  spend  so  much  time  switching  hats 
that  he  probably  wishes  he  were  a  hydra. 
Not  so,  he  says.  He  has  found  that  he 
doesn’t  have  to  wear  all,  or  even  most, 
of  his  hats  every  day.  “The  various  hats 
either  shrink  or  swell  depending  on  the 
year,”  he  says. 

As  with  many  CIOs,  his  role  adapts  to 
the  economy.  In  1999  and  2000,  the  bulk 
of  his  time  was  spent  on  innovating,  par¬ 
ticularly  within  the  newly  developing  dot¬ 
com  businesses  at  the  Washington  Post 
Co.  The  following  years,  2001  and  2002, 
saw  a  great  deal  of  focus  on  best  practices, 
cost-cutting  and  controls,  and  improving 
IT’s  alignment  with  the  business.  Now  his 


MANAGEMENT  REPORTS 

Corporate  Culture  Carries  On 


Why  organizations 
resist  change 

The  notion  of  corporate  culture  has 
become  so  widely  accepted  over  the 
past  two  decades  that  it’s  hard  to 
remember  how  innovative  the  concept 
seemed  when  introduced  to  the 
popular  business  press  by  the  1982 
book  In  Search  of  Excellence.  It’s  a 
rare  company  since  then  that  hasn’t 
been  subjected  to  multiple  efforts  to 
change  its  culture. 

If  corporate  culture  were  easily 
modified,  then  management  consult¬ 
ants  and  authors  would  be  in  much 
less  demand,  notes  John  Weeks,  an 
assistant  professor  at  the  Insead 
business  school  campus  in  France.  In  a 
recently  published  book,  Unpopular 
Culture  (University  of  Chicago  Press, 
2004),  Weeks  applies  his  background 
in  organizational  behavior  to  a  study 
of  culture  at  a  large  British  bank, 
National  Westminster.  He  concludes 
that  corporate  culture  is  more  com¬ 
plex  than  has  been  previously  under¬ 
stood  because  it  descends  from  the 
broader  social  culture. 

The  book’s  title  refers  to  the  culture 
of  complaint  that  exists  at  NatWest, 
where  no  one— from  the  CEO  down  to 
the  most  junior  clerks— has  anything 
nice  to  say  about  his  employer.  This 
good-natured  carping  is  entirely 
representative  of  British  culture, 
observes  Weeks.  Changing  this 
feature  of  NatWest’s  organizational 
culture,  or  most  anything  else  signifi¬ 
cant  about  the  way  NatWest  employ¬ 
ees  work,  is  therefore  not  easily  done. 
It  means  taking  on  deeply  ingrained 
values,  customs  and  preferences. 

But  the  incessant  complaining  is 
more  than  a  byproduct;  it's  a  mecha¬ 


nism  by  which  NatWest  employees 
both  cope  with  and  resist  change. 
Through  such  seemingly  insignificant 
acts  as  joking  about  “not  another 
change  program,’’  employees  at  all 
levels  soften  the  blow  of  organiza¬ 
tional  change  and  even  arrive  at  an 
unspoken  agreement  about  their 
willingness  to  accommodate  change. 

It  may  come  as  little  surprise  to 
CIOs  that  IT  is  the  subject  of  many 
complaints  at  NatWest.  In  a  paper 
derived  from  the  same  study,  Weeks 
argues  that  IT’s  great  potential  to 


change  work  methods  and  dislocate 
employees  makes  it  the  focus  of 
attention.  The  ways  in  which  workers 
deal  with  IT-mediated  change,  as  with 
other  forms  of  organizational  change, 
can  be  subtle  and  hard  to  observe. 

Weeks’s  findings  about  corporate 
culture  extend  far  beyond  British 
banks.  Organizations  can  have  strong 
or  weak  cultures,  he  says,  and  the 
character  of  corporate  culture  can  be 
positive  or  negative.  However  these 
attributes  came  into  being,  they’re 
hard  to  alter  once  in  place.  Now 
there’s  a  topic  for  complaint. 

-Edward  Prewitt 


« 


4 


94  CIO  MARCH  1,  2004  •  www.cio.com 


ILLUSTRATION  BY  MIRCEA  CATUSANO 


OF  THE  UNITED  STATES 

2100  L  Street,  NW,  Washington,  DC  20037 
202-452-1 100  -  www.hsus.org 


©  Ron  Burns 
www.ronburns.com 


Ron  Burns  is  Artist  in  Residence  for 
The  Humane  Society  of  the  United  States 


W  H  M  r 

fi  »J  o  I'k  d  d  Til  1 1 

t  jjj_[ 

1  ■  r  Ml  I  1  LI  J  j  \ 

focus  is  shifting  back 
to  innovation.  In  fact, 
in  2004  Terkowitz 
began  performing  the 
CTO  role  as  a  consult¬ 
ant  to  the  Post  while 
starting  work  at  a  private  equity  firm. 

That  kind  of  role  won’t  make  Gartner’s 
list  of  things  CIOs  must  do.  But  the  ven¬ 
erable  consultancy  is  rethinking  how  it 
defines  the  CIO’s  role.  Kitzis  says  Gartner 
is  considering  looking  at  different  struc¬ 
tures  for  the  CIO  job.  She  says  she’s  seen 
IS  organizations  that  have  their  own  CFO, 
CTO,  head  of  HR  and  even  a  chief  mar¬ 
keting  officer.  “We’ve  begun  to  talk  about 
the  Office  of  the  CIO,”  she  says.  Now 
there’s  a  hat  stand  for  you.  (For  insights 
into  the  Office  of  the  CIO  structure,  see 
Susan  H.  Cramm’s  column  “Oh,  the  Per¬ 
ils  of  the  OCIO,”  this  page.) 


“When  my  crystal  ball 
isn’t  as  good  as  it 
needs  to  be,  I  need  to 
be  a  good  Houdini.” 

-Catherine  Brune,  CTO, 
Allstate  Insurance 


For  all  that  the  requirements  of  IT 
leadership  have  changed,  Brune  doesn’t 
think  CIOs  wear  more  hats  than  other 
executives.  “You  have  people  in  all  walks 
of  life  juggling  things  they  didn’t  used 
to,”  she  says.  Brune  does  concede  that 
the  hats  she  wears  as  CIO  are  harder  to 
manage,  though,  because  they  run  across 
the  enterprise,  rather  than  being  ori¬ 
ented  toward  a  single  business  unit.  Now 
there’s  a  new  title  for  your  business  card: 
Chief  Juggling  Officer.  QQ 


Send  feedback  on  this  article  to  hotseat@cio.com. 
Michael  Fitzgerald  ( michael@mffitzgerald.com )  is 
a  freelance  writer  based  in  Oakland,  Calif. 


Leadership  Agenda  by  susan  h.cramm 

Oh,  the  Perils  of 
the  OCIO 

The  right  way  to  deploy  an  Office  of  the  CIO  structure 

There  is  a  certain  level  of  guilt  associated  with  reading 
business  publications.  The  topics  usually  aren’t  too  much 
of  a  surprise,  and  the  information,  while  occasionally 
insightful,  inspires  more  self-reproach  than  action.  The 
articles  tend  to  focus  on  what  I  call  the  “important  but  not 
urgent”  subjects,  including  strategy,  metrics,  governance, 
communications,  portfolio  and  project  management, 
architecture  and  standards,  financial  and  human  resource  management, 
security  and  privacy,  and  disaster  recovery. 

Because  efforts  in  these  areas  don’t  deliver  immediate  performance 
improvements  and  require  allocation  of  scarce  management  and  analytical 
resources,  it's  all  too  easy  to  let  these  items  slide.  In  response,  CIOs  often 
abdicate  these  responsibilities  rather  than  appropriately  delegate. 

One  type  of  abdication  happens  when  you  keep  the  work  on  your  desk  in  the 
vain  hope  that  available  hours  will  magically  appear  on  your  calendar.  A  second 
type  of  abdication  is  more  insidious.  It  occurs  while  chartering  and  managing 
the  Office  of  the  CIO  (OCIO)  organizations.  Watch  out  for  two  common  mistakes. 

The  first  mistake  is  to  hold  the  OCIO  function  responsible  for  outcomes  out 
of  its  direct  control,  such  as  improved  project  delivery,  value  realization  and 
compliance  to  standards.  Only  line  IT  organizations  (that  is,  the  technology 
delivery  and  services  organizations)  directly  control  the  three  P’s  of  accounta¬ 
bility— the  people,  the  process  and  the  P&L.  Only  they  can  be  held  account¬ 
able  for  the  results  of  the  OCIO  initiatives. 

It’s  inappropriate  for  CIOs  to  funnel  all  IT  staff  work  into  Office  of  the  CIO 
organizations,  in  a  misguided  attempt  to  help  the  line  IT  organizations  maintain 
focus  on  completing  projects  and  delivering  services.  Without  intense  involve¬ 
ment  from  the  line  organizations,  much  of  the  work  of  the  OCIO  staff  will  be 
wasted.  For  living,  breathing,  frustrating  examples,  consider  the  performance  of 
the  typical  project  management  office  or  architecture  functions  (enough  said). 

The  second  mistake  CIOs  often  make  is  to  keep  piling  work  onto  Office  of  the 
CIO  staffers  with  little  regard  for  their  capacity  or  that  of  the  line  IT  organizations 
they  serve.  You  know  you’re  in  this  situation  if  your  OCIO  is  managing  transac¬ 
tions  rather  than  ideas.  Great  staff  work  requires  time  to  think,  which  does  not 
occur  when  people's  calendars  are  full  of  meetings  and  report  preparation. 

The  sad  reality  is  that  there  are  never  enough  resources  to  complete  staff 
work  because  there  is  a  never-ending  succession  of  great  ideas;  staff  work 
creates  even  more  staff  work.  OCIO  staff  functions  create  work  for  the  line 
organizations  that,  in  turn,  produce  stuff  that  has  to  be  reviewed,  approved  and 
reported  on  by  the  staff  organizations. 


96  CIO  MARCH  1,  2004  •  www.cio.com 


WHAT  DOES  IT 


Ever  wonder  what  makes  top  CIOs  tick?  How  do  they  handle 
the  new  realities  of  the  role  in  and  outside  the  organization? 
Form  and  leverage  executive  partnerships?  Be  a  force  in  the 
IT  industry  at  large?  Expand  the  horizons  and  break  the 
bounds  of  the  CIO  position?  Turn  to  the  CIO  FOCUS™  on  THE 
ELITE  CIO:  GOING  BEYOND  THE  BASICS-actionable  infor¬ 
mation  created,  filtered  and  packaged  by  the  award-winning 
editors  of  CIO  magazine. 


CIO  FOCUS™ 

IT  Value:  Measurement  Tools 
and  Techniques  That  Work 

Software  Vendor  Relationships: 
Selecting,  Vetting  and  Managing 
Partners 


CIO  FOCUS™  is  delivered  right  to  your  desktop,  giving  you 
immediate  access  to  the  information  you  need.  And  for  your 
future  reference  needs,  the  electronic  file  is  followed  by  a 
packaged  version,  shipped  within  72  hours. 


Applied  Wireless:  Making 
Wireless  Work  in  Business 

Fundamentals  of  Enterprise  IT 


CIO  FOCUS™ 

STRATEGIC  GUIDES  FOR  EXECUTIVE  DECISION  MAKING 


The  Resource 
for  Information 
Executives 


FOR  EXECUTIVE  DECISION-SUPPORT  TOOLS,  VISIT  THE  CIO  STORE-THE  CIO’S  KNOWLEDGE  MARKETPLACE. 

www.TheCIOStore.com 


To  make  headway 
on  your  "important 
but  not  urgent”  list 
(and  alleviate  your 
guilt),  you  need  to: 

1.  Focus  on  the  IT 
outcomes  you’ll  actively  manage. 

2.  Maintain  lean  OCIO  staff  organi¬ 
zations,  and  hold  them  accountable  for 
defining  the  necessary  policies  and 
processes— translating  data  into 
insights  and  alerting  the  line  leaders 
and  you  (in  that  order)  so  that  there 
are  few  surprises  along  the  way. 

3.  Hold  the  line  IT  organizations 
accountable  for  outcomes  related  to 
the  staff  work. 

4.  Rotate  your  OCIO  staff  employees 
back  into  line  roles  after  two  to  three 
years  so  that  their  designs,  relation¬ 
ships  and  insights  are  based  in  real¬ 
ity— not  the  latest  conference. 

For  example,  if  one  of  your  impor¬ 
tant  outcomes  is  a  more  focused, 
higher-value  IT  agenda,  then  strategy¬ 
making  should  be  on  your  radar 
screen.  Designate  a  staffer  to  define 
real-world  strategy-making  objectives, 
processes,  templates  and  time  line; 
ride  herd  over  the  progress  and  qual¬ 
ity;  and  consolidate  the  results.  At  the 
same  time,  ensure  that  the  line  organi¬ 
zations  do  the  heavy  lifting  of  the 
strategy-making  process— namely, 
executing  the  process  and  completing 
the  templates,  according  to  the  time 
line  defined  by  your  Office  of  the  CIO. 

Support  your  OCIO  staff  organiza¬ 
tions  by  reviewing  their  results  with 
the  leaders  of  the  line  IT  organizations 
and  bringing  them  back  into  the  fold,  if 
necessary.  Because  the  line  organiza¬ 
tions  report  to  the  CIO  rather  than  the 
OCIO,  they  will  be  motivated  to  do 
quality  staff  work  for  the  OCIO  only  if 
the  CIO  talks  to  them  about  it. 

This  column  is  in  response  to  a 
reader  who  asked  what  I  think  about 
the  Office  of  the  CIO  concept.  My 


advice  is  that  if  you  want  to  make 
progress  on  your  “important  but  not 
urgent  list,”  then  pick  your  battles,  slim 
down  your  staff  organizations,  and  stay 
involved.  Once  the  new  processes  are 
baked  in  to  your  IT  organization,  you 
can  reduce  staff  involvement  even 
further  and  move  on  to  the  next  priori¬ 
ties  on  the  never-ending  list. 

Reader  Q&A 

Susan  H.  Cramm  answers 
questions  on  “Oh,  the  Perils  of 
the  OCIO” 

Q:  The  notion  of  an  Office  of  the  CIO 
may  be  appealing,  but  it  addresses  the 
symptom  rather  than  the  cause.  The 
root  problem  is  functional  consolida¬ 
tion  of  “computer  people.”  If  the  OCIO 
concept  is  effective,  then  why  don’t 
insurance  companies  have  a  CMO 
(chief  mathematics  officer)  to  which 
actuarial,  finance  and  accounting 
people  report? 

A:  You  do  see  chief  mathematics 
officers— they  are  called  CFOs.  Most 
companies  centralize  staff  functions 
within  the  organizations  of  the  CFO, 
CAO  or  COO  (including  functions  such 
as  accounting,  finance,  strategy,  risk 
management,  human  resources  and 
facilities)  rather  than  letting  each  line 
organization  duplicate  these  functions 
in  their  entirety.  There  are  two  reasons 
for  doing  this— fiduciary  and  efficiency. 
However,  in  separating  these  staff 
functions,  there  is  always  the  risk  that 
line  organizations’  accountability  and 
authority  become  muddled  and  diluted. 
It  is  the  responsibility  of  those  running 
these  organizations  to  recognize  the 
line  as  their  customers,  to  ensure  that 
ultimate  accountability  remains  with 
those  who  can  truly  influence  results. 

Q:  My  11  years  of  experience  as  a  field 
services  manager  and  director  tell  me 


that  the  number-one  thing  that  IT  folks 
(techs)  do  worst  is  administrative 
tasks,  while  the  number-one  request 
from  customers  is  for  “administrivia”— 
report  on  this,  quantify  that,  quote  this, 
find  the  root  cause  on  that....  Given 
budgets,  this  makes  me  want  to  retain 
dedicated  IT  administrative  staffers  to 
handle  reporting  and  field  client 
requests  for  data  and  information. 

A:  Your  comments  get  to  the  heart  of 
the  OCIO  dilemma.  It’s  a  great  idea  to 
provide  staff  support  to  line  organiza¬ 
tions  in  order  for  them  to  fulfill  their 
obligations.  In  your  case,  it  may  make 
sense  to  conduct  root-cause  analysis 
on  behalf  of  the  technologist.  However, 
it  does  not  make  sense  to  hold  the  staff 
organization  responsible  for  remedia¬ 
tion  of  the  issue.  Only  those  doing  the 
work  can  be  held  accountable  for  the 
outcomes  of  the  OCIO  and  administra¬ 
tive  support  functions. 

Q:  What  is  a  typical  project  manage¬ 
ment  office  (PMO)?  Is  there  value  to 
the  PMO,  and  if  so,  what? 

A:  I  can't  imagine  running  an  IT  organi¬ 
zation  without  some  type  of  PMO,  at  a 
minimum  as  a  mechanism  for  the  CIO 
to  see  a  consolidated  view  of  project 
status  and  financials.  Regardless  of  the 
form  of  the  PMO— from  centralized 
management  of  large  enterprise 
projects  to  decentralized  project 
management  with  centralized  portfolio 
management,  monitoring,  reporting, 
standards  and  training— the  mistake 
most  often  made  is  to  hold  the  PMO, 
rather  than  the  IT  leaders,  directly 
accountable  for  project  success  and  the 
utilization  of  standard  practices.  BE1 


To  see  more  reader  questions  and  answers 
from  Susan  H.  Cramm,  go  to  www.cio.com/ 
leadership/agenda. html.  Cramm  is  president  of 
Valuedance,  an  executive  coaching  firm  based  in 
San  Clemente,  Calif.  Her  e-mail  address  is 
scramm@cox.net. 


98  CIO  MARCH  1,  2004  •  www.cio.com 


now 

DATA,  VOICE  AND  VIDEO  CAN  BE  FOUND 
IN  ONE  CONVENIENT  PLACE. 


Three  forms  of  communication.  One  IP-based  network.  Countless  ways  to  profit  from  it. 

THIS  IS  THE  POWER  OF  THE  NETWORK.  nOW. 


Cisco  Systems 


www.cisco.com 


Copyright  <3  2003  Cisco  Systems,  Inc.  All  rights  reserved.  Cisco,  Cisco  Systems  and  the  Cisco  Systems  logo  are  registered  trademarks  or  trademarks  of  Cisco  Systems,  Inc.and/or  its  affiliates  in  the  U.S.  andcei 

other  countries. 


CIO  Perspectives®  Conference 

April  18  -  20, 2004  La  Costa  Resort  &  Spa  Carlsbad,  California 

Spend  a  few  thought-provoking  and  enlightening  days  with  your  CIO  peers. 

Building  the 

21st  Centu  ry 
Organization 

Mastering  the  Politics,  Policies  and  Technologies 


The  high-performance,  technology-enabled, 
global,  seamless  and  secure  organization: 
that’s  the  goal  of  every  CIO.  Overthe  past  few 
years,  hardware  and  network/telecom  costs  have  lowered 
significantly,  and  the  enterprise  software  industry  contin¬ 
ues  to  mature.  We’ve  spent  considerable  time  and  money 
re-engi  neeri  ng  and  stream  I  i  n  i  ng  busi  ness  processes, 
“right-sizing”  our  staff  and  organizations,  leveraging  our 
customer  information  and  analyzing  our  vulnerabilities. 
But  we’re  still  not  there.  We  haven’t  won  the  IT  value 
argument  with  management,  and  our  users  continue  to 
give  us  low  marks.  So,  what’s  holding  us  back?  We’ll 
examine  the  roadblocks  that  internal  and  external  poli¬ 
tics,  policies  and  technologies  are  throwing  at  us,  and 
learn  what  actions  we  can  take— individually  and  collec¬ 
tively— to  overcome  them. 

Concurrent  CSO  Conference: 

Bring  Your  CSO 

Our  CSO  (Chief  Security  Officer)  Conference,  How  to  Take  the  Sting 
Out  of  Risk,  is  being  held  concurrently  at  the  La  Costa  Resort  &  Spa. 
If  you  and  your  CSO  or  CISO  wish  to  attend  the  respective  CIO  and 
CSO  conferences— you’ll  get  a  significant  package  discount. 

Call  us  at  800.366.0246  for  special  pricing  and  have  your  chief 
security  executive  check  out  the  CSO  conference  information 
www.csoonline.com/perspectives. 


Powerful  Insights 
Actionable  Ideas 
Great  Networking 


Call  800.366.0246  or  visit 
www.cio.com/conferences 


Sponsored  by 


invent 


O  U  OVA 


The  Value  of  Trust 


Presented  by 


CIO 


The  Resource  for 
Information  Executives 


k 

TjL' 

T  J 

1 

i 

¥ 

Conference  Moderator  &  Closing 
.  Keynote:  W.  Brian  Arthur 

I  Citibank  Professor  &  Member,  Board  of 
Trustees,  Santa  Fe  Institute  &  Fellow  of 
the  World  Economic  Forum 


Global ization  touches  all 
^organizations.  What  do  your 
policies  say  about  your  politics? 


Monday  Opening  Keynote: 

Thomas  W.  Malone 

Author  of  the  new  book,  The  Future  of 
Work:  How  the  New  Order  of  Business 
Will  Shape  Your  Organization,  Your 
Management  Style  and  Your  Life,  &  Patrick 
J.  McGovern  Professor  of  Management, 

MIT  Sloan  School  of  Management 


SPEAKERS 

James  E.  Albert 


Chief  Information 
&Telecommunications 
Technology  Officer, 
San  Francisco  Munici¬ 
pal  Transportation 
Agency 


Assistant  Vice  Presi¬ 
dent,  Business  Continu¬ 
ity,  USAA 


7 let  security  utticer 
(retired),  Fidelity 
Investments  &  Past 
President,  International 
Security  Management 
Association 


Senior  Vice  President  & 
CIO,  Tyco  International 


MM 


Vice  President  &  CIO, 
Farmers  Insurance 


Abbie  Lundberg 


editor  in  Chief, 
CIO  Magazine 


Mamie  Millard 


Senior  Vice  President, 
Product  Development 
&  Delivery, 
Travelocity.com 


Senior  Vice  President, 
Corporate  Governance, 
Tyco  International 


'TO,  DuPont 


Tony  Scott 


CTO,  General  Motors 


Linda  Tuck-Chapman 


Vice  President,  Strate¬ 
gic  Sourcing,  Scotia- 
bank 


dee  President  Informa¬ 
tion  Services,  North¬ 
eastern  University 


Senior  Vice  President 
&  CIO,  Mattress 
Giant  Corp. 


resident  &  CEO,  USAA 


Ethics, 
Compliance  & 
Transparency 


Governance 
and  Risk 
Management 


Politics  and 
Policies  with 
a  Capital  P 


Running  IT 
Like  a 
Business 


•  •  •  •  • 


A  case  study  with  two  members  of  the 
. :  new  senior  management  team  at  Tyco 
Iwho  are  rebuilding  and  refocusingthe 
:  company. 


How  can  your  organization’s 
i  structure  help  ensure  the  safety  of 
your  electronic  and  physical  assets? 


•  •  •  •  • 


A  run  of  nasty  viruses  and  a  major; 
power  blackout  provide  several 
ilessons  we  can  take  to  heart. 


(It’s  an  election  year;  no  candidate  is 
; really  talking  about  “IT  issues”— but  a 
’new  spate  of  proposed  legislation  will 
iimpaetthe  CIO’s  job. 


Research  findings  and  best  practices 
■ion  everything  from  finance  to  staffing 
to  marketing/communications. 


What  are  the  high  stakes  battles 
and  how  will  the  outcome  shape 
products  and  services? 


:  jmmuh. 

The  complaints  about  the  overall  lack  of 

’  m  Software  H 

quality  of  major  commercial  software 

:  «  Quality  IS 

are  endless.  What  can  and  is  being  done 

jto  make  it  better? 

Call  800.366.0246  or  visit 
www.cio.com/conferences. 

To  be  eligible  for  CIO  Perspectives  Conference 
attendance,  you  must  be  a  CIO  or  executive-level 
IT  practitioner  or  a  participating  corporate  sponsor. 


Are  we  stifling  innovative  products  and 
services  because  CIOs  are  afraid  to  buy 
jfrom  small  firms  and  start-ups? 


Many  enterprise  applications  turn  into 
major  disappointments,  if  not  disasters. 
Were  they  over-hyped?  Were  our 
expectations  unrealistic?  What 
separates  winners  from  losers? 


Sales  and  Services 

CIO  SALES  OFFICES 

President  and  CEO  Walter  Manninen 
Publisher  Gary  J.  Beach  •  508  935-4202 

Executive  VP  Sales/Custom  Publishing 

Ellen  Romanow  •  508  935-4796 

East  Coast 

Senior  Vice  President,  Sales  and  Integrated 
Solutions/East 

Joan  Kelly  •  508  935-4586 

Regional  Sales  Director 

Kathy  Powers  •  201 634-2331 

Regional  Sales  Manager 

Ellie  Schwab -201 634-2332 

Senior  Account  Executive 

Andrew  Haney  •  508  988-7863 
Fax  •  508  879-6063 

Account  Executive 

Joan  Bonadeo  •  201 634-2328 

Advertising  Sales  Associate 

Rhonda  Goodman  •  201 634-2329 
Fax  *201 634-9513 

New  England 

Senior  Vice  President,  Sales  and  Integrated 
Solutions/East 

Joan  Kelly  *508  935-4586 
Account  Executive 

Dawn  Cora  •  508  935-4092 
Fax  *508  879-6063 


South  Central 

Regional  Director/Advertising  Sales 

Robert  E.  Sawdon  •  512  306-9801 
Account  Executive 

Brenda  Garza  •  512  306-9801 
Fax  •  512  306-9805 

North  Central 

Senior  District  Sales  Manager 

Beth  DeVillez  •  847  441-3140 
Advertising  Sales  Associate 

Kim  Giovanni  •  847  441-5005 
Fax  •  847  441-5150 

West  Coast 

VP  Sales/West 

Cheri  Parr  *415  975-2685 
Senior  Regional  Sales  Managers 

Ai  Collins -415  975-2686 
Jane  Evans  •  415  975-2680 
Account  Executive 
Derek  Jung  •  415  975-2683 
Fax  •  415  543-2358 

Southern  California 

Senior  Account  Executive 

Isaac  Ugay  •  949  475-5579 
Fax -949  475-5583 

LIST  SERVICES 

List  Services  Director 

Kathryn  A.W.  Marston  •  508  935-4072 


List  Services  Account  Executive 

Stephanie  Roy  •  508  935-4151 

ONLINE  SERVICES 

VP/Online  Sales 

Lisa  Brown  •  508  935-4470 

Online  Sales  Manager 

Michael  McPhee  ■  508  935-4611 

CUSTOM  PUBLISHING 

Group  Director  •  Michael  Siggins 
Director  •  Mary  Gregory 
Director  of  Content  Development  •  Tom  Field 
Project  Managers  •  John  Danielowich, 

Amy  Greenleaf 

Graphic  Designer  •  Christopher  Brown 

REPRINT  SERVICES 

For  article  reprints  (500  quantity  or  more), 
please  contact  Jackie  Day  at  RSiCopyright 
(651 582-3856)  or  via  e-mail  at 
cioreprints@rsicopyright.com. 

CIO  IS  PUBLISHED  IN  THE 
UNITED  STATES  AS  WELL  AS  IN: 

Australia,  CIO  Australia  www.idg.com.au 
Canada,  CIO  Canada  www.lti.on.ca/cio 
China,  CEO  &  CIO  China  www.ceocio.com.cn 
France,  CIO  France  www.idg.fr/cio 
Germany,  CIO  Germany  www.cio.de 
India,  CIO  India  91-80-521-0309/12 
Japan,  CIO  Japan  www.idg.co.jp 
The  Netherlands,  CIO  Netherlands 
www.cio.nl 


New  Zealand,  CIO  New  Zealand  www.idg.co.nz 
Norway,  CIO  Business  Standard 
www.business-standard.no 
Poland,  CXO  Poland  www.cxo.pl 
Singapore,  CIO  ACEN/Hong-Kong 
www.idg.com.sg 

South  Korea,  CIO  Korea  www.cio.seoul.kr 
Sweden,  CIO  Sweden  www.cio.idg.se 

For  further  sales  information,  visit 
www.cio.com/marketing/salesoffices.html. 


CIO  Contact 
Information 

Editorial,  Advertising  and  Business 
Offices:  492  Old  Connecticut  Path, 
P.O.  Box  9208,  Framingham,  MA 
01701-9208,  508  872-0080. 

CIO  (ISSN  0894-9301)  is  published 
semimonthly  and  as  a  combined  issue 
December  15/January  1  by  CXO  Media 
Inc.,  492  Old  Connecticut  Path,  P.O. 
Box  9208,  Framingham,  MA  01701- 
9208.  Periodicals  postage  paid  at 
Framingham,  MA,  and  at  additional 
mailing  offices.  Canada  Publications 
Mail  Agreement  Number  1902075. 
CANADIAN  POSTMASTER:  Please 
return  undeliverable  copy  to  P.O.  Box 
1632,  Windsor,  ON  N9A  7C9. 

Permissions:  Copyright  2004  by 
CXO  Media  Inc.  All  rights  reserved. 
Reproduction  of  material  appearing 
in  CIO  is  forbidden  without  written 
permission.  Send  all  requests  to 
Permissions  Department,  CIO,  492 
Old  Connecticut  Path,  P.O.  Box  9208, 
Framingham,  MA  01701-9208. 

Photocopy  Rights:  Permission  to 
photocopy  for  internal  or  personal 
use  or  the  internal  or  personal  use  of 
specific  clients  is  granted  by  CIO  for 
users  through  the  Copyright  Clear¬ 
ance  Center,  provided  that  the  base 
fee  of  $3  per  copy  of  the  article,  plus 
$.50  per  page  is  paid  directly  to 
Copyright  Clearance  Center,  27 
Congress  Street,  Salem,  MA  01970. 
Please  specify:  ISSN  0894-9301. 
Permission  to  photocopy  does  not 
extend  to  contributed  articles 
followed  by  this  symbol:  f. 

Subscriptions:  CIO  is  free  to  qualified 
information  executives.  To  apply,  use 
our  online  subscription  form  at 
www.subscribe.cio.com.  Subscrip¬ 
tions  are  also  available  on  a  paid 
basis  at  a  rate  of  $95  for  the  United 
States  and  Canada,  $195  for  interna¬ 
tional  (payable  in  U.S.  funds  only) 
and  may  be  ordered  online  at 
www.subscribe.cio.com/services.html 
or  by  sending  an  inquiry  to  CIO,  P.O. 
Box  489,  Northbrook,  IL  60065- 
0489.  Please  allow  four  to  six  weeks 
for  a  new  subscription  to  begin.  The 
single  copy  price  is  $9  for  the  United 
States  and  Canada,  and  $15  interna¬ 
tional.  Prepayment  is  required, 
payable  in  U.S.  funds. 

Change  of  Address:  Please  go  to 
www.omeda.com/custsrv/cio  and 
follow  the  online  instructions. 

Postmaster:  Send  change  of  address 
to  CIO,  P.O.  Box  489,  Northbrook,  IL 
60065-9816.  Printed  in  the  U.S.A. 


Index  of  Companies  and  Advertisers 

Page  numbers  refer  to  the  first  page  of  the  article(s)  in  which  the  company  has  a 
substantial  mention.  This  index  is  provided  as  a  service  to  readers.  The  publisher 
does  not  assume  any  liability  for  errors  or  omissions. 


COMPANY  INDEX 

AARP  Services  Inc . 58 

Accenture . 26 

Allstate  Insurance  Co . 91 

Arnold  Logistics  LLC  . 72 

Atsec  Information  Security 
GmbH . 82 

Baylis  Distribution  Ltd . 82 

Bluegreen  Corp . 26 

Bombay  Co.  Inc.,  The . 26 

BrassRing  LLC  . 91 

Burton  Group . 82 

Chess  Logistics  Technology 
Ltd . 82 

CIO  Partners  of  Atlanta  Inc.  .  .  26 

Coldwater  Creek  Inc . 26 

eMerge  Interactive  Inc . 26 

Employease  Inc . 82 

Escalate  Inc . 26 

Forrester  Research  Inc . 48 

Gap  Inc . 26 

Gartner  Executive  Programs  . .  91 

Gevity  HR  Inc . 72 

GoldenGate  Inc . 82 

Grote  Consulting  Corp. ...  26,  72 

Guardian  Life  Insurance 
Co.,  The  . 48 

ICICI  Infotech  LTD  . 48 

J.  Crew  Inc . 26 


Jo-Ann  Stores  Inc . 26 

Kaplan  Inc . 91 

Keynote  Systems  Inc . 26 

Kirkland  &  Ellis  LLP . 82 

La  Quinta  Corp . 82 

Mandalay  Resort  Group . 72 

Mapics  Inc . 72 

Martha  Stewart  Living 

Omnimedia  Inc . 26 

Maverick  Ranch . 26 

National  Institutes  of  Health 
Federal  Credit  Union  . 82 

National  Westminster  Bank 
PLC . 91 

Northrop  Grumman  Corp.  ...  48 

Office  Depot  Inc . 26 

OnStar  Corp . 48 

Optibrand  Ltd . 26 

Orbitz  LLC  . 72 

Precision  Response  Corp.  ...  58 

Process  Inc . 48 

Process  Strategies  Inc . 48 

Reasoning  Inc . 48 

Red  Hat  Inc . 82 

RightNow  Technologies  Inc.  .  .  82 

Sabre  Holdings  Corp . 82 

ScanSoft  Inc . 26 

Scudder  Investments . 58 

ShopKo  Stores  Inc . 26 


Siemens  Business  Services 


Inc . 82 

Sourcefire  Inc . 82 

Techdirt  . 26 

Testa,  Thurwitz  &  Thibeault 

LLP . 82 

Toys  "R"  Us  Inc . 26 

Tribe  Networks  Inc . 91 

Washington  Post  Co.,  The  ...  91 

Westinghouse  Electric  Co. 

LLC . 48 

Williams-Sonoma  Inc . 26 

ADVERTISER  INDEX 

Agilent  Technologies  Inc . 29 

AT&T  . 79 

BMC  Software  . 45 

Cigital . 56 

Cisco  Systems  Inc . 99 

Computer  Associates  Inti.  Inc.  .  7 

Compuware  Corp . 61,  63 

CXO  Media  Inc. 

.  20,  33,  97, 100, 103 

Dell  Inc . 38,  93 

EMC2 . 80a 

Fujitsu  Computer  Systems 

Corp . 9 

Hewlett-Packard  Co . C2 

Humane  Society  of  US . 95 


IBM  Corp .  24,  75,  77 

Lanier  Worldwide  Inc . 31 

Lockheed  Martin  . 90 

Microsoft  Corp . 4, 16,  47 

Microsoft  Office  Live  Meeting  .  41 

NEC  Corp . 69 

Network  Associates  Inc . 43 

NextiraOne . 10 

Nokia  . 87 

Oracle  Corp . 13 

PeopleSoft  Inc . 35 

Polycom  Inc . 23 

Quantum  DLTtape . 71 

Quova  Inc . 89 

Qwest  Communications 

Inti.  Inc . 55 

Redline  Networks  (regional) .  96a 

Robert  Half  International  ....  19 

SAS  . 27 

Sharp  Electronics 
Corp . 85 

Sun  Microsystems  Inc . 37 

Sybase  Inc . 2 

Technology  Evaluation  Center  81 

Thompson  Advisory  Group  ...  21 

Trend  Micro  Inc . C3 

Veritas . C4 

Xerox  Corp . 15 


i 


t 


102  CIO  MARCH  1,  2004 


w  w  w .  ci  o  .com 


But  it's  even  better  to 
show  your  customers. 


What  better  way  to  inform  your  key  cus¬ 
tomers  of  your  editorial  coverage  in  CIO 
than  through  customized  Editorial 
Reprints? 

Leverage  the  positive  impact  of 
your  editorial  coverage  by  using 
reprints  for  direct  mail  campaigns,  seminar 
promotions,  employee  communications,  recruiting 


%  % 


and  marketing  programs.  Let  us  enhance 
your  reprints  with  your  company's  logo, 
address,  and  sales  message.  Reprints 
make  great  SALES  tools  for  trade  shows, 
mailings  or  media  kits. 

And  while  a  framed  copy  of  your  article 
will  look  neat  on  your  wall,  it  will  look  even 
better  in  the  hands  of  your  customers. 


For  more  information  on  customized  editorial  reprints  in  volume  quantities,  contact  Jackie  Day  at  651-582-3856 

or  visit  our  website  at  cio.com/marketing  and  click  on  reprints. 


EXECUTIVE 


arch  1,  2004 


COVER  STORY 
The  Truth  About  CMM 

By  Christopher  Koch  I  48 

With  CIOs  increasingly  dependent 
on  outside  service  providers  to 
get  their  software  projects  com¬ 
pleted,  they  have  come  to  view  the  Capabil¬ 
ity  Maturity  Model,  or  CMM,  as  the  USDA 
stamp  of  approval  for  software  providers. 
However,  CIOs  who  stake  their  companies’ 
projects  and  their  own  credibility  on  CMM 
ratings  should  be  wary.  We  found  that  some 
software  development  companies  lie  and 
buy  their  way  up  the  assessment  scale  to 
attract  business.  CMM  assessors  are  known 
to  have  traded  their  reputations  and  CMM’s 
credibility  for  cash.  Other  developers  who 
have  earned  legitimate  Level  5  ratings  for 
one  small  segment  of  their  development 
operation  or  a  particular  project,  hype  the 
honor  by  applying  it  falsely  to  their  entire 
enterprise.  The  CMM  certification  process 
is  inherently  flawed,  and  the  authority  that 
grants  CMM  certifications  does  nothing  to 
police  company  claims.  CIOs  need  to  under¬ 
stand  these  limitations  and  apply  due  dili¬ 
gence  to  vendor  claims.  Among  other 
things,  they  should  find  out  who  did  the 
CMM  assessment,  what  part  of  the  com¬ 
pany  was  tested  and  how  long  ago  the  test¬ 
ing  was  done. 


“If  CIOs  don’t  know 
enough  to  ask  the  right 
questions,  they  will  get 
hornswoggled.” 

-WATTS  HUMPHREY,  CMM  CREATOR, 
NOW  A  FELLOW  AT  THE  SOFTWARE 
ENGINEERING  INSTITUTE 


AARP  Is  Talking  ’Bout  That  Generation  By  Elana  Varon  I  58 

AARP,  THE  ADVOCACY  GROUP  AND  $636  MILLION  BUSINESS,  must  retool  to  meet 
the  needs  not  only  of  its  current  members  (60  percent  of  whom  are  65  or  older)  but  the  demands  of 
an  emerging  constituency  and  potentially  lucrative  market — the  76  million  baby  boomers  approaching 
retirement.  Unlike  their  parents,  boomers  are  not  good  at  waiting.  When  they  buy  products  and  serv¬ 
ices  or  look  for  information,  they  want  choice,  convenience  and  control.  AARP’s  $50  million  annual 
IT  budget  is  being  tapped  to  respond  to  boomer  needs.  In  the  past,  AARP  coded  data  exchanges  sepa¬ 
rately  between  its  member  database  and  each  provider,  a  time-consuming  and  expensive  process.  Now 
there  will  be  a  standard  interface,  based  on  Web  services,  that  will  speed  integration  with  suppliers  and 
enable  AARP  to  improve  its  customer  service  in  boomer-time. 

Interview:  Maurice  Schweitzer  By  Stephanie  Overby  I  66 

PEOPLE  HAVE  A  BIAS  THAT  AUTOMATICALLY  ASSOCIATES  input  quantity  (such  as 
how  much  time  it  takes  to  make  a  car)  with  output  quality  (how  well  the  car  performs).  Such  input 
information  does  not  necessarily  correspond  to  outcome,  but  we  are  hardwired  to  associate  the  two, 
says  Wharton  professor  and  human  behavior  expert  Maurice  Schweitzer.  Some  people  will  prey  on 
our  input  bias,  causing  us  to  make  poor  decisions  or  judgments,  to  add  to  their  advantage.  Employ¬ 
ees,  vendors  and  business  leaders  may  all  take  advantage  of  a  CIO’s  natural  biases  to  manipulate 
IT  decisions.  Fortunately,  as  Schweitzer  tells  in  this  interview,  there  are  ways  to  guard  against  making 
mistakes  based  on  bias.  For  example,  use  panels  to  judge  such  things  as  software  products,  since 
panelists  will  usually  lack  the  input  information  that  could  bias  the  CIO’s  decision. 


How  to  Hire  So  You  Don’t  Have  to  Fire  ByMeridith  Levinson  I  72 

RECENTLY,  CIOS  HAVE  BEEN  MORE  PREOCCUPIED  WITH  LAYOFFS  than  with 
recruiting.  But  as  the  economy  rebounds,  CIOs  must  dust  off  interview  techniques  to  become  masters  of 
assessing  not  just  skills  but  candidates’  dispositions.  Companies  want  people  who  are  passionate  about 
their  work  and  who  play  well  with  others — basically,  good  attitudes.  Though  candidates  are  always  on 
their  best  behaviors  in  interviews,  there  are  techniques  for  CIOs.  First,  ask  questions  that  aren’t  related 
to  skills.  For  example,  ask  candidates  if  they’ve  ever  fired  anyone  and  how  they’ve  handled  it.  This  will 
reveal  much  about  attitude.  Some  CIOs  use  behavioral  or  personality  assessment  tools,  such  as  the 
Performance  Index.  Others  try  to  leverage  relationship  recruiting,  seeking  out  people  with  the  right 
attitude  through  those  who  know  them  best,  and  then  actively  recruiting  those  prospects. 


The  Myths  of  Open  Source  By  Malcolm  Wheatley  I  82 

THAT  COMPANIES  ARE  EMBRACING  I.T.  ARCHITECTURE  chiefly  built  around  open 
source  software  signals  a  sea  change  in  attitudes.  The  attraction  of  the  open-source  model  originally 
centered  on  cost,  but  the  price  tag — or  lack  of  it — seems  irrelevant  for  companies  betting  their  archi¬ 
tecture  on  open  source.  At  benefits  administrator  Employease,  performance  is  what  matters.  The 
move  to  Linux  cut  the  company’s  server  failure  rate  from  one  per  day  using  Windows  NT  to  less 
than  twice  per  month.  Linux  also  runs  much  faster  than  NT,  effectively  increasing  server  capacity 
between  50  percent  and  75  percent.  While  downplaying  cost  savings  from  license  fees,  open-source- 
based  enterprises  cite  reduced  maintenance  costs  from  the  elimination  of  vendors  requiring  them  to 
migrate  to  new  versions  of  proprietary  software  or  pay  for  extra  support.  At  travel  company  Sabre 
Holdings,  a  major  migration  to  open  source  is  under  way,  prompted  by  an  estimated  savings  of  tens 
of  millions  of  dollars  during  the  next  five  years. 


( 


4 


104  CIO  MARCH  1,  2004  •  www.cio.com 


V  ’ 


/ 


/ 


m 


ODDS  ARE  YOUR  ANTIVIRUS, 
ANTI-SPAM,  AND  CONTENT  FILTERING 
ARE  NOT  INTEGRATED  AT  THE  GATEWAY. 


\ 


Beat  the  odds  with  Trend  Micro. 

^Spam,  viruses,  and  malicious  behavior  can  all  threaten  your 

' 

security.  That's  why  Trend  Micro,  the  global  leader*  at  the  gateway, 
created  InterScan™  Messaging  Security  Suite  5.5 —  a  cost-effective 
integrated  messaging  security  platform  that  combines  antivirus, 
content  filtering,  and  anti-Spam  applications  in  one 
easy-to-manage,  scalable  solution. 

For  a  free  evaluation,  call  1.888. 58. TREND 
or  go  to  www.trendmicro.com 


scommended  J 

SC3Q3 


PRODUCT 

pi  OF  THE 

Oyear 

1)2003 


April  22.  2003 
Trend  Micro 

Enterprise  Protection  Strategy 
Trend  Micro,  Inc. 


% 


TREND. 

MICRO 


*IDC  market  research.  September,  2003.  ©2003  Trend  Micro  incorporated  All  rights  reserved  Trend  Micro,  the  t-ball  logo  and  InterScan  Messaging  Security  Suite  are  trademarks  or  registered  trademarks  ot  Trend  Micro  Incorporated 
All  other  company  and/or  product  names  may  be  trademarkstor  registered  trademarks  of  their  owners 


storage  software  company. 


VERITAS  Software  lowers  your  storage  costs  regardless  of  the 
hardware.  EMC.  Hitachi.  HP.  IBM.  Sun.  What’s  your  agenda?  veritas.com 


VE  RITAS" 


Copyright  ©  2004  VERITAS  Software  Corporation.  All  right*  reserved.  VERITAS,  and  the  VERITAS  Logo  are  trademarks  of  VERITAS  Software  Corporation  Reg.  U.S.  Pat.  &  Tni.  Off. 

All  other  trademarks  are  the  property  of  their  respective  ow  ners. 


% 


